Storm Worm Botnet Lobotomizing AntiVirus Programs


The ever-mutating, ever-stealthy Storm worm botnet is adding yet another trick to its vast repertoire: Instead of killing antivirus products on target systems, it's now doing a hot fix with a memory patch to render them brain dead.

The finding was made by Sophos and was mentioned by Joshua Corman, a principal security strategist for IBM Internet Security Systems, Oct. 23 in his presentation here at Interop on the challenge of evolving cyber-threats.

...The strategy means that users won't be alarmed by their anti-virus software not running. Even more ominously, the technique is designed to fool NAC (network access control) systems, which bar insecure clients from registering on a network by checking to see whether a client is running anti-virus software and whether it's patched.

"It's running but brain-dead. It's worse than shutting it off," as it opens the door for Storm bots to waltz past even networks considered to be hardened with NAC, Corman said during his Interop presentation.

Linked by shanmuga Friday, 26th October 2007 11:44PM