In addition to filing formal complaints with international regulatory authorities and accreditation organizations, BD-BrandProtect found that the most expedient and effective course of action was to work with ISPs to “black hole” the domains, making them unresolvable for users on those networks. By September, the domains were no longer reachable from any major ISP network in North America, which prevented infected systems on those networks from contacting their command and control servers.
Deflecting the army
By blocking the offending domains, BD-BrandProtect cut the perpetrators off from their victims. Once all parts of the mitigation strategy were in place, the number of active IP addresses declined immediately and the perpetrators stopped referencing the online consumer service organization in their spam messages. After approximately two months, none of the monitored IP addresses were still hosting the malware and no new active IPs had appeared, which indicated that the attack had been successfully channeled away from the client. BD-BrandProtect continues to provide monitoring services to ensure that the malware attack does not recur.
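The two mechanical pieces of the response described above, black-holing the domains at the resolver and then watching the count of active and newly appearing client IPs fall, can be reproduced in a few lines. The following is an added example written for this page, not BD-BrandProtect's tooling or anything the case study shipped: it emits a BIND Response Policy Zone (RPZ) that returns NXDOMAIN for a list of domains and all their subdomains, and it parses resolver query logs to report, per day, how many distinct clients still asked for those domains and how many of them had never been seen before. The domain names, client addresses and log lines are constructed placeholders; the real domains are not given on the page.

```python
"""Added example (not BD-BrandProtect's code): DNS sinkhole zone generation
and sinkhole-hit trending over resolver query logs."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed placeholder domains standing in for the black-holed ones.
BLOCKED_DOMAINS = ["stormlure.example", "ecard-download.example"]

# Constructed BIND 9 query-log lines (old "client IP#port: query:" style).
# Three days of hits: 3 distinct infected clients, then 2, then 1; the
# www.example.org query is benign and must not be counted.
SAMPLE_LOG = """\
01-Sep-2007 10:22:01.123 client 198.51.100.7#51234: query: stormlure.example IN A + (192.0.2.1)
01-Sep-2007 10:22:05.441 client 198.51.100.7#51240: query: stormlure.example IN A + (192.0.2.1)
01-Sep-2007 11:02:33.009 client 203.0.113.44#40001: query: cdn.ecard-download.example IN A + (192.0.2.1)
01-Sep-2007 11:30:00.000 client 203.0.113.90#40002: query: www.example.org IN A + (192.0.2.1)
01-Sep-2007 12:00:15.772 client 198.51.100.23#51300: query: ecard-download.example IN A + (192.0.2.1)
08-Sep-2007 09:10:10.100 client 198.51.100.7#51400: query: stormlure.example IN A + (192.0.2.1)
08-Sep-2007 09:12:10.100 client 203.0.113.44#40010: query: stormlure.example IN A + (192.0.2.1)
15-Sep-2007 08:00:00.000 client 198.51.100.7#51500: query: stormlure.example IN A + (192.0.2.1)
"""


def build_rpz_zone(domains, serial=1):
    """Return an RPZ zone file body. In RPZ, 'CNAME .' is the NXDOMAIN
    action; the wildcard record covers every subdomain (fast-flux hosts
    rotate names under the same registered domain)."""
    lines = [
        "$TTL 300",
        f"@ IN SOA localhost. hostmaster.localhost. {serial} 3600 600 86400 300",
        "@ IN NS localhost.",
    ]
    for d in domains:
        d = d.rstrip(".").lower()
        lines.append(f"{d} CNAME .")
        lines.append(f"*.{d} CNAME .")
    return "\n".join(lines) + "\n"


def is_blocked(qname, domains=BLOCKED_DOMAINS):
    """Exact or subdomain match only; 'notstormlure.example' must not match."""
    q = qname.rstrip(".").lower()
    return any(q == d or q.endswith("." + d) for d in domains)


LOG_RE = re.compile(
    r"^(?P<date>\d{2}-[A-Za-z]{3}-\d{4}) \S+ client "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})#\d+.*?: query: (?P<qname>\S+) IN "
)


def clients_per_day(log_text, domains=BLOCKED_DOMAINS):
    """Map each log date to the set of client IPs that queried a blocked name."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m and is_blocked(m.group("qname"), domains):
            seen[m.group("date")].add(m.group("ip"))
    return dict(seen)


def activity_report(log_text, domains=BLOCKED_DOMAINS):
    """Chronological list of (date, active clients, never-before-seen clients).
    A falling first column and a zero second column is the 'no new active
    IPs' signal the case study describes."""
    per_day = clients_per_day(log_text, domains)
    known = set()
    report = []
    for date in sorted(per_day, key=lambda d: datetime.strptime(d, "%d-%b-%Y")):
        ips = per_day[date]
        report.append((date, len(ips), len(ips - known)))
        known |= ips
    return report


if __name__ == "__main__":
    print(build_rpz_zone(BLOCKED_DOMAINS))
    for date, active, new in activity_report(SAMPLE_LOG):
        print(f"{date}: {active} active sinkhole clients, {new} new")
```

The zone is loaded on the resolver with a `response-policy` statement; the report is what you hand back to the client each week. Two caveats a practitioner would add: a sinkhole only sees clients of the resolvers that load it, so "no new IPs" means none on the cooperating networks, and the suffix match must be anchored on a dot or the block list will swallow unrelated domains that merely end in the same string.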
The Storm Worm is the most prevalent piece of malware and the biggest threat to Internet security today. The measures BD-BrandProtect took to mitigate it, together with its recommendations for further protecting the client’s brand against future targeted attacks, have allowed the consumer service organization to begin rebuilding customer confidence while retaining a valuable revenue stream.
The Storm Worm is the latest malware plague to hit the Internet.
With the Storm Worm, spam is sent out claiming to offer something of interest to the recipient, such as a sports score tracker or an e-card. When the user clicks the link, they are sent to a compromised system (a zombie) that has already been infected. The Storm Worm Trojan is covertly downloaded onto the user’s machine without their knowledge, and the computer is then opened up for use by the perpetrators. The infected computer is now part of a botnet, which can be used for any number of illegal activities, such as denial of service attacks.

Glossary
Malware
Malicious computer software that interferes with normal computer functions or provides remote access to attackers.
Zombies
A zombie is any device (computer, Xbox, etc.) attached to the Internet that has been compromised by an attacker, a computer virus, or a Trojan horse. Generally, a compromised device is only one of many in a “botnet”, and is used to perform malicious tasks of one sort or another under remote direction. Most owners of zombie devices are unaware that their systems are being used in this way.
Zombies have been used extensively to send email spam. As of 2005, an estimated 50% to 80% of all spam worldwide was sent by zombie devices. This allows spammers to avoid detection and presumably reduces their bandwidth costs, since the owners of the zombies pay for their own bandwidth.
Botnet
Botnet is a jargon term for a collection of zombies or bots that are under the command and control of the perpetrators and used for malicious purposes.