Squashing a Storm worm


By ANNE KRISHNAN

MCCLATCHY NEWSPAPERS

Q. I’ve read about the Storm worm, and I’m concerned. How do I protect my system by blocking peer-to-peer networking, so that when the malware runs and tries to link up with other infected hosts, that function is blocked and my computer cannot become part of the botnet?

A. This question sounded at first to me like the plot of a science fiction story, but Jeff Crume, an IT security expert at IBM, assures me the concerns are valid, and the threat is real.

First, some background and vocabulary.

The Storm worm, also known as Peacomm and half a dozen other names, is malicious software that prompts infected users’ computers to download other malware. The worm’s authors have made it infectious in a number of ways, including using e-mail greeting cards and links in instant messages, Crume said. He cites some disturbing stats: 1.7 million systems infected and 42 million Storm-related e-mail messages sent in a single day recently.

Even the folks at Symantec, the virus-protection gurus, are worried, with one blog recently describing the worm as having a combination of attributes that make it “the perfect storm.”

“Cutting through all the geekspeak, this basically means Storm is one very determined worm,” Crume wrote in e-mail.

Using networking

The worm uses peer-to-peer networking. Unlike traditional networking, in which computing power is centralized in a few servers, the worm’s peer-to-peer networks are decentralized and connect a few dozen computers at a time. That means that taking down one peer-to-peer network won’t take down the entire system, or botnet. The peer-to-peer links also allow infected computers to download the latest versions of other programs that will do the real damage.

You can help cut off the peer-to-peer communications of a worm such as Storm by installing a personal firewall, Crume said. He also advises you not to automatically grant permission to programs on your system wanting to access the Internet.

But the best thing to do is to not get the worm in the first place.

Crume offers these suggestions:

• Install a good virus-scanning tool and keep it up to date with the latest signatures.

• Keep your system up to date with the latest security patches.

• Turn off active content such as Java, JavaScript and ActiveX when viewing unknown Web sites. Crume recommends NoScript as a good Firefox add-on to automate this process.

• Don’t click on links or launch programs you receive in e-mail or instant messages unless you know what they are going to do.

“It is not enough that you trust the person who sent it to you, because their system might have been compromised and is spreading the infection without their knowledge,” Crume said.

If you get the Storm worm, Crume suggests making sure that you have the latest virus definitions, running a full-system scan with your anti-virus program and then letting your anti-virus program handle the removal. You should also check your anti-virus vendor’s Web site to make sure that there aren’t any additional manual steps needed to prevent reinfection.

Think you can stump the geeks? Send your high-tech question to stumpthegeeksnewsobserver.com. Include your name, address and daytime phone number. Individual replies are not given.

© 2007, The News & Observer (Raleigh, N.C.).