What Is The Storm Worm For?

The "Storm" worm computer virus/botnet/trojan horse/malware extravaganza got its name from its first method of transmission -- an e-mail attachment with the subject line: "230 dead as storm batters Europe."  Since then it's used all sorts of clever ruses to get people to click on it and infect their machines. And unlike your typical worm, it isn't a form of "look at me" vandalism. The Storm botnet is designed to do something criminal. But what?

Old style worms -- Sasser, Slammer, Nimda -- were written by hackers looking for fame. They spread as quickly as possible (Slammer infected 75,000 computers in 10 minutes) and garnered a lot of notice in the process. The onslaught made it easier for security experts to detect the attack, but required a quick response by antivirus companies, sysadmins and users hoping to contain it. Think of this type of worm as an infectious disease that shows immediate symptoms.

Worms like Storm are written by hackers looking for profit, and they're different. These worms spread more subtly, without making noise. Symptoms don't appear immediately, and an infected computer can sit dormant for a long time. If it were a disease, it would be more like syphilis, whose symptoms may be mild or disappear altogether, but which will eventually come back years later and eat your brain.

No one knows what it's for, how to stop it from spreading, or how to combat it if it is turned on. Other than a few pump-and-dump stock schemes, the only thing the worm has attacked has been anti-spam sites that tried to bring attention to it. It points to a failure of imagination in our public officials that this worm has not been identified by law enforcement as the threat it is -- perhaps the largest criminal enterprise ever: A robot army of malware, numbering in the millions. Fix the robot army of computer syphilis, please.

Tags:  Storm, Worm, Tor