Hate the hype surrounding the Storm worm, and hate to add to it. Since its debut in early 2007, the virus has infected millions of PCs to create botnets that send spam or launch denial-of-service attacks. And it will very likely be used to create an immense amount of damage some time in the future. This leads to two very important points: (1) The Storm Worm and its effects are preventable; and (2) Little is being done to avert it.
Given the widespread news coverage about the Storm worm, no one should be surprised at the seriousness of this malware threat. I believe that any computer that doesn’t have the latest patches installed, along with the appropriate anti-malware, should be removed from the Internet. More importantly, I would really like to see some liability attributed to the millions of people who allow their computers to be a hazard to others. Only then will we see any real improvement in the problem.
Sadly, there are many parallels between the Storm worm (and all other worms for that matter) and D-Day — the day the Western Allies began the Battle of Normandy to liberate mainland Europe from Nazi occupation during World War II.
First, I should review some little known history about D-Day and World War II. One of the most successful espionage operations during that time involved an allied double agent, who I think was named Raul (if that’s not right, I’m sure a reader will be happy to provide the correct name). Raul posed as a spy for Germany and convinced Hitler that the Allied invasion would originate from Northern England and come through Norway and other northern areas.
Based on this information, Hitler left the western areas, including Normandy, relatively unprotected. Even though the Allies amassed their landing force off the coast of Normandy, Hitler ignored all of the reports. Raul said it was just a diversion attempt to get Hitler to move his forces out of the north. It wasn’t until three days into the D-Day invasion that the bulk of German forces were redeployed to repel the attack.
Many movies rightfully portray the heroics of the Allied invasion forces. However, the Allied troops wouldn’t have had a chance if it were not for Raul’s success in convincing the Nazis that the real attack would come from further north.
Although German field commanders realized Allied troops amassing off the Normandy coast were more than a diversion, Hitler wouldn’t accept that reality. Instead, he essentially relied on a fairytale invented by Raul. There was some cover and deception used to support Raul’s efforts, but the bulk of his information was completely and verifiably fabricated.
Today, instead of being subjected to bad intelligence about the Storm worm, we are being subjected to lot of ignorance. There is little doubt that there are millions of botnet systems out there that could launch a coordinated attack. Just as Hitler ignored reports that there were hundreds of Allied ships off the Normandy coast, CIOs, governments, and home users are failing to take basic preventive measures to minimize their damages against a potential Storm worm attack.
How botnets spread and create damage is no secret, but it is preventable. Not taking basic precautions is absurd. There are numerous reports stating how most computers are not satisfactorily protected.
Still not convinced? Then let’s use an automobile analogy. If a car has serious safety problems, but the owner still decides to drive it on the road, police will give the driver a ticket and have the car towed. Why can’t we use the same approach with computers? If car owners with insufficient tire tread can be fined for violating a safety hazard, we should fine home computer users who allow their computers to spit out hundreds of thousands of malware-laden spam email.
It is that simple.
— Ira Winkler, Former National Security Agency analyst and author of Spies Among Us