Malware Alert: IPStorm- another threat is looming on the horizon

Malware Alert: IPStorm

Malware Alert: IPStorm

 As if there wasn’t enough to worry about, another threat is looming on the horizon:  IPStorm (not to be confused with the European virus protection package announced on the internet).  It’s a very newly discovered Trojan Horse virus, so cunningly crafted that nobody knows what it does.  So basically, what we have is the equivalent of a severe weather alert, but no thunder and lightning.  Yet.  Hold on to your hats, make sure you apply the tips listed below, and make sure you stay tuned to the CrafTech blogs, because we’re on top of it!

IPStorm is malware, quite sophisticated malware that has just about every base covered.  It was first identified this June by the cybersecurity firm Anomali.  Its creators, who remain unknown, have told us its name, but have made no other information available.  Like 40% of internet activity, it depends on bots (software applications that run automated tasks).  Its bots are linked to a botnet, a group of Internet-connected devices that can each run one or more bots, usually for illegal purposes.  IPStorm’s deadliness is potentially multi-level.  Most disturbingly, it attacks through the IPFS’s (InterPlanetary File System for open-source file-sharing) P2P network traffic to hide its own malicious P2P involvement. This is the very first malware that has been found to use that route—which is a significant indication of the programmers’ expertise.  Unfortunately, that entry point makes the virus all the stronger:  the malicious traffic is hidden, blended right in with normal traffic.  It also makes removing the botnet difficult because there is a risk that the legitimate IPFS network could be affected at the same time—and that’s a place no one wants to go to.  Plus, antivirus tools can be circumvented by this malware, and it can put itself to sleep and use memory allocation to remain dormant until it wakes up.

But wait, there’s more.   Researchers haven’t even been able to figure out how IPStorm begins its infection cycle. That’s because of the nature of its programming, where the malware package itself has been divided many parts, again, a very sophisticated and well-thought-out approach.  Researchers explain about its Go programming language, “By breaking functionality out into different Go packages, the codebase is easier to maintain.  Also, the threat actor can break out things into modules to make it easier to swap out or reuse functionality.”  IPStorm also has several antivirus-evasion techniques built into its configuration. One of the most insidious is its use of folder names that relate to Microsoft or Adobe systems when it copies itself onto a target, meaning that even a tech-savvy and alert user might not notice it right away.

There are some measures you can take to protect yourself while awaiting developments, ones that should be in place in any healthy network environment:

  • Enforce a strong password policy.
  • Disable AutoPlay.
  • Turn off unnecessary file-sharing.
  • Remove unnecessary services.
  • Train employees not to open unexpected attachments.
  • Turn off Bluetooth if you don’t need it for mobile devices.

As of right now, the IPStorm botnet seems to be limited to about 3,000 machines, a surprisingly small number that gives experts every reason to believe that the virus is in a very early stage of development–Which means that the worst is yet to come.  But be assured that CrafTech has this storm on our radar!

Written by: Susan Palmer

Comments are closed.



Our Satisfied Customers

From full network setup, tech support, data backup, and more, CrafTech strives to provide you with solutions to all your IT needs.

I have been a loyal, enthusiastic customer of CrafTech (Tony) for about 25 years now. Craftech from Day One handled all of my needs, for a fair and reasonable price with top-notch service.  Read More
I just wanted to let you know what a great job Evan did on Friday with Laura Martin’s PC. We really appreciate his diligence in taking care of the situation.
Eric Bause, ARM, Media PA | Consulting ActuaryThe Actuarial Advantage Inc.
We’ve gotten the best responses, problem solving and service with a smile that we’ve had since doing business with CrafTech.
Danielle Shull, PresidentPinnacle Healthcare Recovery Partners
It is such a huge weight off my shoulders to know that our data is safe, and that ANY problems I have with my computer, your team will fix it for me…and QUICK!
Jennifer L. Borys, PresidentWoodside Associates
If you would like excellent service at a great price CrafTech is the place to go.
Susan Griffin
Being able to call CrafTech for small or large problems, hardware, quick solutions and always getting a fast reliable fix….Priceless!!!
Donna/Irene/Joanne/Tina, AdministratorsUpper Providence Township
CrafTech is responsive when we call and are very efficient. They find the most cost effective way to deal with issues.
Ido Roizman, ControllerRoizman
The real testament to CrafTech is their responsiveness. I can’t even remember a time when our servers have been down for more than 30 minutes.
Denise Urban, Business ManagerRes-Kem General Water
You have been indirectly responsible for numerous sales in particular, and customer satisfaction in general.
Dave Peairs, Technical DirectorNALCO CAL WATER | An Ecolab Company
I called CrafTech and my mind has been at ease ever since. Tony and Eric gave us amazing service and had us up and running more quickly than I ever imagined possible.
Joyce Csanady, OwnerSigns By Tomorrow

Contact Us

We strive to provide our clients with the best possible IT services and support. We will be able to suit your needs.

Media Office

34 State Road
Media, PA 19063
(610) 566-0980

Aston Office

4748 Pennell Road
Aston, PA 19014
(610) 494-5141