Published on 26/08/2008

The Storm worm, launched January 2007, was the first comprehensive solution for Internet fraud and attacks. Studying Storm helps us understand the current state-of-the-art hacking techniques and provides valuable lessons for the future. Storm’s authors have been able to:

Perfect social engineering
Abuse unsecured Web 2.0 technologies
Defend itself from attacks and attempts to shut it down
Create new types of exploits

This paper will dissect some of the techniques used by Storm, take a look at what this portents for the future, and discuss what technologies can be used to protect against these threats.

While just ten years ago this paper would have been considered Internet science fiction, the “Storm” worm has become a well-known phenomenon among IT security professionals tasked with keeping the electronic communications we depend upon safe, secure and reliable.

Storm has taken malware propagation to a new level, by increasing the viability of malicious servers, decreasing the ability to “shut down” those enabling servers, and continuously “morphing” in order to evade typical signature based defenses.

In Terminator language, Storm is the “shape shifter” of the Internet and its sustainability and rapid propagation create new levels of threat to any organization connected to the Internet.