Finally, someone gets the point of this thing and starts some discussion about what this malware is doing scarily right, instead of dwelling on the fact that this week it is sending itself out as greeting cards or whatever. Does it surprise me that “someone” is Bruce Schneier? Not really :) , although it is a little more technical than his usual posts, which is a good thing:

http://www.schneier.com/blog/archives/2007/10/the_storm_worm.html

He discusses the decentralized command-and-control, plus a bit on the rate at which it spreads. This is the correct focus.

  2 Responses to “Bruce Schneier on the Storm "Worm"”

  1. What I wouldn’t mind seeing, and I find lacking out there – is someone getting a dissassembler and providing a detailed analysis of the worm. Detailing information such as: what techniques it uses to be polymorphic, what encryption it uses and when it uses it, how it processes updates, etc.

  2. Thanks for the comment! It turns out that there is a pretty decent analysis here:

    http://www.cyber-ta.org/pubs/StormWorm/

    It’s on my reading list, but I haven’t gotten to it yet. Skimming through it seems to be pretty good though.

 Leave a Reply

(required)

(required)

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

   
© 2012 McGrew Security Suffusion theme by Sayontan Sinha