OVER THE EDGE November 7-21, 2007

JEREMY JOHNSON
STAFF WRITER

It has been a case mainly known by those who focus on the technology side of things: whenever something related to technology is reported, there’s a good chance that the story is either not entirely accurate or simply shows one side. If there was any recent case that highlights this sort of trend, it’s the major media coverage of Storm Worm.

Storm Worm is a hybrid of a worm, a trojan, and general malware. It spread quickly throughout the internet, infecting a large number of computers. It progressed to the point where just about every anti-virus company was looking at ways to stop it, not to mention Microsoft, since it specifically targeted Windows machines including XP and Vista. This caused the developers of the malware to work furiously on the code behind Storm Worm to evade them.

The name ‘Storm Worm’ originated from its first appearance via e-mail. The subject line was ‘230 dead as storm batters Europe’. The malware, at the time, was interpreted as a worm due to its behaviour. The name was then eventually truncated by experts to Storm Worm, and it has stuck to this day.

There were aspects of this story that news organizations got right. It was used for Pump and Dump spam. The details were unfortunately left out, but this Pump and Dump scheme was carried out via Adobe files, Excel spreadsheets, MP3s and plain text emails. Other malicious activity correctly reported by large news organizations was that it was used for phishing and DDoS (Distributed Denial of Service) attacks against individuals and organizations. Of course, both of these terms are relatively easy to understand for techies, but not necessarily for all non-techies.

Pump and Dump schemes are essentially related to stock markets, typically via computers as one can imagine. What happens is that several people who would benefit from this type of scheme invest in a small company’s stock.
Shortly after, the stock value goes up rapidly due to this influx of investment. Then emails are distributed to victims, telling them that a stock option is going up quickly and that they should also invest in this company. The victim then invests money in the stock, thinking that it will keep going up and that they will get a good portion of money as a result. Then, when the stock prices are inflated enough, the people benefiting from this sell their stock, causing the price to plummet. The people who sold their stock get some extra cash out of the deal, leaving the victims with practically worthless shares.

A Distributed Denial of Service attack is basically where a number of computers send corrupted or otherwise useless data to a target computer. When enough information is sent to the target computer or server, the target becomes overloaded and is then unable to function. Sometimes, it’s strictly an attempt to force a website offline. The way this is possible is that (in some cases) a host that sells the web space allots a certain amount of bandwidth. When that bandwidth is exceeded, the host shuts down the website, saying that the bandwidth has been exceeded for a given amount of time (typically on a per month basis).

Back to Storm Worm: one aspect that was of particular interest was the ability to update. Usually, a malware creator that makes a virus just sends it out, doing some form of damage to a number of computers. Anti-virus companies then get that virus, figure out how to detect it, then configure the anti-virus software to detect and delete the virus before it does any damage. In this case, the Storm Worm had the ability to update. Normally, updating a virus just entails making a new virus or, typically, modifying an existing one. This did complicate things for anti-virus companies, but didn’t render things impossible.

There were a number of points that were sensationalized or simply incorrect.
This was discovered by some researchers at the University of California, San Diego. Their PowerPoint presentation, which also features source code and other statistics, is available at http://noh.ucsd.edu/~bmenrigh/exposing_storm.ppt. The points that were inaccurate in the media were that the network contains anywhere between 1 and 50 million compromised computers, that the network is the most powerful supercomputer in the world, that the network sends tens of billions of emails a day, and that the decentralized nature of Storm Worm makes it impossible to track.

These points were debunked when the researchers followed Storm Worm and noted that the peak of Storm Worm occurred in July, when roughly 200,000 compromised computers could be detected at one point in time, with over 15 million computers in a particular day. More recently, as of October 21st, the network is roughly 10% of its former size. This, of course, debunked the second claim that it is currently the most powerful supercomputer in the world and that it is growing in size right now.

Storm Worm Now Merely Publicity Storm

The other aspect that needed debunking was that it is impossible to figure out how to track due to its decentralized nature. In detail, which was also not specifically covered, it used the Overnet network. The Overnet network was used for the client known as eDonkey2000. eDonkey2000, and therefore the creator of eDonkey2000, received a cease and desist letter from the RIAA (Recording Industry Association of America). Jed McCaleb then ceased developing the network and the client, as well as removing the client from the official website. It is reported that the agreement with the RIAA was reached on September 12, 2006. While both have ceased being developed, both exist and are still in use by many users. Many correctly suspected that since the network is no longer being developed, malware creators would take advantage of the situation and write malware for Overnet.
Overnet is still mainly used for file-sharing, but not exclusively, since Storm Worm has made use of the network to communicate with computers through it. While the presence of such a network on the Overnet network is bad for internet users, it won’t really affect anyone who uses the network for file-sharing purposes, because the Storm Worm’s primary means of spreading is email.

While shutting down the Overnet network is probably not possible any time soon, that doesn’t make it impossible to track the Storm Worm network. A utility was created for Overnet by the Overnet creators called ‘WireShark’, which has the ability to track things like Storm Worm over the network. Using this utility as well as custom applications to track the network, the researchers were able to track and record the spread of the network relatively effectively. The vast information collected is reportedly also available for others to dissect and interpret. The source code is currently featured in the PowerPoint presentation, along with a detailed description of what the code actually does.

While the Storm Worm virus may prove to be an interesting concept to malware experts, the complicated aspect of this particular piece of malware was also part of its own undoing. Allegedly, compromised computers were rendered useless because of poor programming on the virus writers’ part. However, the publicity Storm Worm got is unusual. At this point, it may have been more successful at being sensationalized as an ultimate piece of malware than at actually being the ultimate form of malware. It’s entirely possible for fork projects to come into existence, and it may give other malware creators ideas, but for now, the malware story is little more than a malware story for those who keep their anti-virus applications up to date.
Minimum Wage Increase Rejected by Liberals

REBECCA CARMICHAEL
COPY EDITOR

When you think of poverty in Canada, unemployment and welfare might be the first things to come to mind. However, even working hard at a legitimate job is often not enough to sustain a healthy income. Working full time in BC for minimum wage will keep you more than $4000 below the poverty line annually. That’s only for a single worker, not including the impact of caring for dependent children. While a common assumption is that most low wage earners are teenagers, over 10% of workers over the age of 25 make less than $10/hour, many of them raising families.

While the cost of living has risen dramatically in BC, the minimum wage has been frozen at $8/hour for six years. Students attempting to offset rising tuition and living costs with part time jobs also feel the impact of a disproportionately low minimum wage. It’s not surprising, then, that over 80% of British Columbians support raising the minimum wage to $10/hour.

The BC Federation of Labour, provincial NDP, and the Canadian Centre for Policy Alternatives have been directing a campaign to set the current minimum wage at $10/hour as soon as possible. They also wish to eliminate the $6/hour training wage, and create an indexing system so that wages increase in proportion to the rate of inflation.

A motion was brought forth recently by the NDP opposition to raise the minimum wage, but the current Liberal government headed by Premier Gordon Campbell voted it down at the end of October. Indeed, Labour Minister Olga Ilich would not even consider it. They fear job losses and negative economic impacts as a result of such an increase. To combat the growing gap between rich and poor in BC, the Liberals apparently plan to subsidize housing and medical premiums for low wage earners, rather than actually increasing wages. However, they did find it necessary to give themselves a 29% wage increase.
Since this decision was made very recently, it remains to be seen what will come of it. Labour and social justice advocates will not likely be backing down anytime soon. On November 3, activists in Prince George will be marching from CNC to MLA Pat Bell’s office in order to promote raising the minimum wage to $10. Unfortunately, Over the Edge will not be able to cover this before this issue comes out.

For people living on less than $10/hour, the question of a minimum wage increase is not an abstract political or economic one, but a