The Storm Virus
The Most Catastrophic Virus Known To Man
The Storm Virus
The storm virus, the #1 threat in the virus world, is classified as a worm virus. More importantly, this is a worm containing a backdoor, Trojan Horse, to infect your computer.
- Worm Virus: A virus which may always contain some sort to your computer. Finds it's way in through computer network connections, and does not require a file to be attached to.
- Trojan Horse: A non-self-replicating type of malware which contains malicious code, that when executed carries out whatever action the virus was intended to accomplish.
The Outbreak
The storm virus was sent out on Friday, January 19, 2007 using an email message containing the subject line about a recent weather disaster: 230 Dead As Storm Batters Europe. This email quickly circulated throughout Europe, and the virus was obtained simply through the opening of the e-mail. On the 22nd of January, the Storm Worm accounted for 8% of all malware infections throughout the globe; spreading all the way to other countries such as the US, Canada, and the rest of Europe. Eventually, this virus would be able to be traced back to the Russian Business Network in St. Petersburg, Russia.
The Russian Business Network is an entity which provides web hosting services which cater directly to cyber-criminals. Here they sell website hosting to customers who are engaged in criminal activity, such as the popular Identity Theft scams where cyber-criminals attempt to lure your personal information through the use of an individual's e-mail.
The Process
The Storm Virus came in many shapes and sizes. Some emails only containing the malware worm, but some even contained files pretending to be images or documents. No matter what the form, once the email was opened, the worm was released into your system, which connected your PC to some remote "master server" which can be referred to as botnetting. Once connected, your PC, and all other's PCs would be linked to a central network which would send packets to and from the central server. The kicker is here; the virus is was designed to change it's IP address every 10 minutes, making it nearly untraceable. So once connected to the "zombie network" of infected PCs, it was almost impossible to escape or find a way around it.
Storm Virus Attachment
Here you can see what a real storm virus email looked like. This includes a Trojan Horse attachment.
Zombie Computer
Once infected, your computer becomes apart of a zombie computer network. All able to be controlled from the creator of the virus.
Trojan Horse Disguised
This is an example of what a Trojan Horse may look like in code. Disguised by all surrounding code.
The Damage
Since the Storm Virus was so well spread throughout the world, you can only imagine the damage it began to cause. On September 7, 2007, it was estimated that the Storm Virus had reached up to 10 million computers world wide. This also included the 40,000 node networks that had formed in local communities. The Storm Virus itself caused no noticeable damage, however linked tens of thousands of computers to be controlled by one user under the use of the botnetting method mentioned earlier. To this day, the creator(s) of the Storm Virus have still not been identified, meaning no punishment has been put in place, nor have they been stopped. In fact, all agencies attempting to trace the virus has been attacked by the controllers of the virus itself. Once an agency has been compromised, the storm virus goes back into hiding, waiting for another attempt of an attack.