CBOC and Storm Worm variants

Not sure I’ve seen much if anything posted about how CBOC is at detecting the various Storm Worm variants. I see a new article at eWeek.com http://www.eweek.com/article2/0,1759,2205606,00.asp
that a new variant is lobotomizing some AVs rather than killing them. Hopefully CBOC will be able to handle these new threats as good as it always has.

Kevin, you still around to comment? Anyone else! Cat? I’d love to see more news/update articles from the team like we used to see.

I’m not sure we can ever be totally dependent on our AVs to do it all.

Good to see you.

Storms ability to morph is the behavior BOClean built it’s reputation on by defeating.
It would be very concerning if I started seeing reports of CBOC missing these.
I would think this forum would be inundated with calls for help if this were true. :wink:
If you scan through the CBOC forums what you will see are mostly configuration issues or installs corrupted by another program not playing nice in the kernel.

The Storm publicity is a double edged sword, one side getting information out to inform/educate people on the latest social engineering trick used to sucker people in to clicking where they shouldn’t and the other side fanning the flames of fear.
Don’t get me wrong, I’m concerned about this adversary as all should be and have made knee ■■■■ inquiries to Kevin about it. His lack of response to my personal email was silence, this historically means “no big, I’m too busy to answer unnecessary questions.” ;D

On the other hand, it would help quite the concerns of many if he could address this in a public forum.
I’d like to see him include these in the “hidden” test scanner which hasn’t been updated to my knowledge since Comodo acquired BOClean.
I do know Kevin is currently very busy with some of Comodo’s other products which will benefit us all in the long run. :wink:

Hey Cat

And to add… on page 2 of that article it seems to get quite nasty for those who talk about the Storm Worm too. It seems the authors have been able to punish those who attempt to publically challenge them. Perhaps another reason to keep it kind of quiet.

And another link: http://www.networkworld.com/news/2007/102407-storm-worm-security.html?page=1

Poking around the C&C is different from detecting and defeating.
Heck, retaliating command and control servers have been around forever, I’d guess these are probably more aware of the “probes”. Enter the herd with the wrong “scent” and you get whacked.