We like to imagine that hackers are smart, but it is their collective incompetence that has allowed the IT industry to survive their attacks as long as they have.
Viruses may be unleashed, worms may spread, but usually the McAfees and Symantecs of the world are quick enough to help isolate and deal with such malware in a manner of weeks, if not days. This was the case with Sasser, Nimda, and even Code Red. Rare is the malware that acts with the consistent, determined approach of a stealth marketing campaign. This, however, has been the hallmark of Storm, a quietly professional example of online organized crime at its best. And scariest.
You know something's different when Storm starts cropping up in the pages of mainstream newspapers, as it did in the Toronto Star earlier this week. In a story which described Storm as the "syphilis of computers," the Star explained in very basic, accessible terms what the threat is and how it is growing. It's the kind of story you would have expected to find written about head lice in elementary schools or, before SARS hit Toronto, the nature of pandemics. A problem historically of concern to specialists such as doctors (or in Storm's case, IT managers) is translated for a mass audience, because the specialists are proving incapable of stopping the worst of its effects.
The most recent reports about Storm, particularly a blog post from Secure Works researcher Joe Stewart, suggest that the hackers behind it are splitting up access to the compromised computers for sale to spammers. It doesn't matter whether you believe there are millions of such zombie machines or, as some experts say, a quarter of a million. We're potentially talking about an army of infected machines the size of several corporate enterprises. Selling them to those who send unsolicited commercial e-mail is the least of the dangers such a "market" of botnets poses.
We've become so used to the identify-contain-forget cycle of security that Storm may require a completely different mind set, both for IT managers and their users. Storm has already hung on for the better part of a year. There's little to indicate it will be on the wane anytime soon. Instead of seeing such malware as a short-term event which we combat and vanquish, we may have to think of coping strategies that extend to several years. This would, of course, have major implications for enterprise IT security policies,which typically focus on user behavior in exceptional circumstances (illegal downloads, connecting an unknown device to the network) rather than guidelines for ongoing vigilance.
Storm got its name because of an e-mail message that warned of a disastrous weather event that was taking place in Europe, but the metaphor may not really apply anymore. When a real storm ends, people can usually walk around the way they did before. With the Storm malware, the rain might keep falling. IT managers will have to decide whether to permanently carry an umbrella, or get used to being wet.
- +
Ticked Off at Tick the Box Mentality 04/02/2008 13:01:15
Does your executive search firm know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients?Does your executive search firm know its MIS managers from its elbow? Does it even know the difference between an MIS manager and a CIO, and if it does, can it explain that difference to its corporate clients? - +
Strategies for Dealing With IT Complexity 24/12/2007 10:30:47
Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business.Every innovation, every business process improvement, comes with an IT complexity tax that must be paid by CIOs in time, money and sweat. Here are strategies to mitigate the increasing complexity of IT as it enables new business. - +
Process Trip 04/02/2008 13:07:03
Why Maritz Travel revamped key business processes — and how business and IT came together to make it workWhen Rich Phillips became COO OF Maritz Travel about two and-a-half years ago, he sat down and took a hard look at the big industry picture
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Vignette Announces 2008 Excellence Awards 2008-11-21 10:50:00+11
PGP and Ponemon Institute Unveil Inaugural Australian Data Breach Study 2008 2008-11-20 17:34:00+11
Symantec Cloud Services Transform Data Centre Operations Through Proactive Management 2008-11-20 12:06:00+11
Verizon Business Offers Tips to Building a Successful Unified Communications and Collaboration Plan 2008-11-20 12:04:00+11
AARNet Brings 4K Digital Cinema to Australia: First 4K HD Video Signal delivered into Australia by AARNet 2008-11-20 12:02:00+11
Know thy self: Reduce costs, secure data and ensure compliance with identity management
Midsize businesses cannot operate effectively without the ability to control access to their networks and business systems. A strong identity management platform can play the role of gatekeeper and guardian of business intelligence and information. Read on to discover how you can create a strong identity management plan to protect your business.
Buying Guides
