WatchGuard Wire
Improve Your Security IQ
The biggest storm in F-Secure's "Storm Worm" is a FUD storm
I arrived at work this morning to find a slew of news reports describing a
new, supposedly large-scale threat dubbed the Storm Worm. According to one of
these reports, this worm has infected hundreds of thousands of people, adding
its unknowing victims to a malicious bot net. But how significant is this threat?
Many articles [ 1 / 2 ] make it sound pretty widespread and especially scary.
Is it really?
These news articles are all based on reports from F-Secure, which provided
a press release, some blog entries [ 1 / 2 ],
and some statements from F-Secure's Head of Research, Mikko Hypponen. F-Secure
warns of a "significant" spam attack that started early Friday
morning, January 19. According to their reports, this significant spam attack
arrives with a subject line of "230 dead as storm batters Europe" and contains
a trojan horse attachment named Read More.exe. If you launch the
malicious attachment, the trojan zombifies your computer, adding it to some
attacker's malicious bot net. Apparently, this spam author hopes that his timely "European
storm" hook will lure many unsuspecting victims into launching his
trojan.
After I did a little digging with some other antivirus (AV) companies, it
looks like the media -- and perhaps F-Secure -- have over-hyped this "Storm
Worm."
According to Symantec and McAfee,
this spammed trojan poses a very low risk. In fact, McAfee specifically rates
it "low-profiled,"
which means it hasn't really affected many people. Furthermore, the
media and F-Secure have represented the threat inaccurately. First, they keep
calling it a worm when it is a trojan. It doesn't spread on its own. Second,
they mostly concentrate on its storm-related subject. However, the spam actually
uses a variety of subject lines.
So what's the big deal? The big deal is this type of FUD doesn't help the
poor security administrators struggling to keep their networks safe. It screws
up prioritization, causing those administrators to focus on relatively minor
issues when they have much bigger risks to combat. Furthermore, this sort of
quick-spreading hype always seems to promote misinformation. By focusing on
the European storm subject line, these articles might cause administrators
to miss the five other subject lines this threat uses (which, incidentally,
have nothing to do with a storm). If the media and security vendors such as
F-Secure really want to help keep us all secure, they should stick to warning
about the truly dangerous issues and not just those with the most striking
headlines.
But the Storm Worm is still receiving a lot of media attention. Must be a
slow news day or something.
-- Corey Nachreiner, CISSP
Copyright© 2010 WatchGuard® Technologies, Inc. You may copy and distribute this article freely in any medium as long as you copy and distribute the entire article without change and preserve this copyright statement and notice.