Storm Worm detects early threat, launches counter-attacks

While one security researcher says Storm Worm Trojan is now significantly less terrifying because its network is now about 10 percent of its former size, other researchers say that it is proving hard to get rid of.

Josh Corman, host-protection architect for IBM/ISS, who led a session on network threats at Interop New York, said that “As you try to investigate [Storm], it knows, and it punishes. It fights back.”

The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days, said Corman, Network World writes.

Such early detection and counter attack features of Storm worm hinder security researchers from probing its command-and-control servers. Imagine you will suffer DDoS attacks while you are still at the stage of probing.

In addition, some researchers who have managed to discover some facts about the worm are reluctant to publish their findings. Apparently, disclosing information and findings on how to counter Storm worm would make them the next target of DDoS attack.

In the light of this early detection and counter attack capability of Storm worm, I wonder what you would want security researchers to do in order for them to proceed their investigation.

Storm worm has to be beaten. Especially now since there were indications that Storm Worm botnet is up for sale.

• 

• Storm Worm network shrinks to about one-tenth of its former size
• Researcher: Storm Worm botnet up for sale
• Storm Worm growth is getting out of hand, researchers fear
• No rain on ‘Storm Worm’ parade
• Storm Worm e-mail virus reaches record proportions