Storm worm facing extinction
By Stuart Turton
Posted on 13 Jan 2009 at 10:09
German researchers claim to have developed a new technique that could eradicate the scourge of the Storm worm.
The Storm worm first appeared two years ago, posing as information on the storms battering Europe at the time, before adopting other guises rooted in topical news items. It quickly compromised millions of machines, turning them into zombie drones that formed part of a massive botnet used by hackers to send spam and perform other illegal activities.
Microsoft made a decent stab at eradicating the Storm worm with the release of its Malicious Software Removal Tool but, according to researchers, 100,000 infected machines still exist.
Enter the team from Bonn University and RWTH Aachen University, who claim to have found a way to automatically purge these dregs from the internet.
The team started by taking apart the Storm worm client in order to understand how compromised machines communicated with control servers. They then developed their own software, capable of attaching itself to the Storm worm's peer-to-peer network and mimicking the appearance of a control server.
The team found that zombie machines hunting out new command servers could easily be routed through to their own control server, because the Storm worm demands no authentication.
Once a compromised machine is attached to the dummy server, the team says it's a simple matter to instruct it to download clean-up software, purging the Storm worm completely.
However, the team admits it has not yet tested the technique in the real world, as doing so could place it on the wrong side of laws that prevent the modification of computer systems without the owner's consent.
