Mirage NACs Stave Off Storm Worm

11/21/2007

Network Access Control systems from maker Mirage Networks can now recognize and isolate the Storm Worm, and variants thereof. The Storm Worm incorporates infected computers into a global, distributed botnet estimated to range in size anywhere between 250,000 and 10 million infected computers.

The e-mail-borne Storm Worm, which started affecting computers nearly a year ago in January, uses compelling subject lines to entice users to open attached executables (.exe), which then infect the computer and make it part of the botnet. Storm Worm's botnet is not centrally controlled and behaves in a peer-to-peer fashion, with infected machines receiving and acting upon commands from the malware's programmers without their users' knowledge, let alone permission.

Mirage said its research team acquired copies of Storm and its variants and ensured that its NACs detect and shut down the worm, which is key for Mirage "because several aspects of the worm's behavior suggest that its programmers designed it to thwart NAC applications specifically," said Grant Hartline, Mirage's chief technical officer, in a prepared statement.

According to Mirage, the worm's behavior could indicate attempts to beat anti-virus (AV) and intrusion prevention systems (IPS): the code Storm uses to propagate changes every 30 minutes, which can foil signature-based AV and IPS. The distributed botnet also shifts the infected hosts' roles, so that a host could cease functioning as a "command and control" server soon after it is detected, with that role reassigned to another zombified computer.

Storm Worm is also reputed to launch distributed denial-of-service (DDoS) attacks on security vendors that have purposely tried to get machines infected and connected to the botnet in order to reconnoiter the network.

David Kopf is a freelance technology writer and marketing consultant. He can be reached at david@dkcopy.com.

Cite this Site

David Kopf, "Mirage NACs Stave Off Storm Worm," Campus Technology, 11/21/2007, http://www.campustechnology.com/article.aspx?aid=56172
