Sunday, October 28, 2007

Bot Nets and Application Security

I have been an avid reader of science fiction. Isaac Asimov and the Foundation series have been my favorite author and series. Now, how is that related to this blog entry? Because what I read in e-Week today is literally out of science fiction...

The story is titled "Storm Worm Botnet Lobotomizing Anti-Virus Programs" (an e-Week article).

What the botnet called "Storm" is able to do to antivirus applications and other background processes like P2P programs was scary enough, but the scarier part was its ability to change its own signature every 30 minutes and its ability to detect intrusion by researchers and invoke an attack against them!

If you ever imagined a virtual mafia, this is it. The trouble is that most of the owners of the machines participating in the botnet are innocent victims who fell prey to the promise of free software or other incentives.

From the e-Week article, I judge (hopefully correctly) that the botnet machines are primarily Microsoft Windows-based machines, but all machines are vulnerable to the Distributed Denial of Service (DDoS) attacks the botnet unleashes.

There are few documented cases of e-extortion against popular websites, and the e-Week article talks about a takedown of an Israel-based security company.

Now this has been an eye-opener as to what an application can face once it is put out in the wild. Thankfully, most ISPs today are equipped to handle DDoS attacks to some degree.

Application security is an afterthought to most software designers today. With composite applications and mash-ups becoming the cornerstone of Web 2.0 applications in the next few months, I believe application security deserves another look and should become one of the primary considerations, along with performance and usability, when architecting any new application.