By John Leyden
31st January 2008
The creators of the Storm Worm botnet are known to US authorities but a
lack of co-operation from their counterparts in St. Petersburg, Russia,
is preventing action being taken.
St. Petersburg was the centre of the infamous Russian Business Network.
It's also reckoned by some to be the city the Storm Worm (more properly
Trojan) authors call home.
Dmitri Alperovitch director of intelligence analysis and hosted security
at Secure Computing told The Washington Post that Russian President
Vladimir Putin and political influence within the Federal Security
Service (Russia's successor to the Soviet KGB) was hampering prosecution
efforts. The implication is that elements of Russian intelligence
agencies are protecting the city's cybercriminals.
"The right people now know who the Storm worm authors are," Alperovitch
said . 'It's incredibly hard because a lot of the FSB leadership and
Putin himself originate from there, where there are a great deal of
people with connections in high places."
Other security experts reckon that the Storm Worm gang are based in
Russia but have no real idea of their location, much less their
identities. David Emm, senior technology consultant at Kaspersky Lab UK,
said coding similarities and packing techniques used with the worm
suggest the authors of the malware and Russian hackers known to have
attacked local websites are one and the same. Kaspersky, like antivirus
firm F-Secure, reckons that the Storm Worm gang is a multinational
effort based in Russia.
"We don't know who they are," said F-Secure chief research officer Mikko
Hyppnen, "but we believe it's a Russian gang with an American or several
Americans helping them to build the social engineering messages and the
websites they use."
Subscribe to InfoSec News