Mirage NACs Stave Off Storm Worm

Network Access Control systems from maker Mirage Networks can now recognize and isolate the Storm Worm, and variants thereof. The Storm Worm incorporates infected computers into a global, distributed botnet estimated to range in size anywhere between 250,000 and 10 million infected computers.

The e-mail-borne Storm Worm, which started affecting computers nearly a year ago in January, uses compelling subject lines to entice users to open attached executables (.exe), which then infect the computer and make it part of the botnet. Storm Worm's botnet is not centrally controlled and behaves in a peer-to-peer fashion, with infected machines receiving and acting upon commands from the malware's programmers without their users' knowledge, let alone permission.

Mirage said its research team acquired copies of Storm and its variants and ensured that its NACs detect and shut down the worm, which is key for Mirage "because several aspects of the worm's behavior suggest that its programmers designed it to thwart NAC applications specifically," said Grant Hartline, Mirage's chief technical officer, in a prepared statement.

The worm's behavior could indicate attempts to beat anti-virus (AV) and intrusion prevention systems (IPS), according to Mirage. The company points to the fact that the code Storm uses to propagate changes every 30 minutes, which can foil signature-based AV and IPS. The distributed botnet also shifts the infected hosts' roles, so that a host could cease functioning as a "command and control" server soon after it is detected, with that role reassigned to another zombified computer.

Storm Worm is also reputed to launch distributed denial of service (DDoS) attacks on security vendors that have purposely tried to get machines infected and connected to the botnet in order to reconnoiter the network.


About the Author

David Kopf is a freelance technology writer and marketing consultant, and can be reached at [email protected].
