Feeds

Storm botnet blows itself out

But will the zombie network rise again?

Beginner's guide to SSL certificates

Canadian pharmacy spam, pump and dump stock manipulation, and phishing scams were the most common types of nuisance messages distributed by the botnet.

Penis pills and phishing scams

Rival botnets such as Srizbi, Mega-D and Rustock supplanted Storm as the main producers of junk mail. Marshal's figures show a steady decline of spam from Storm botnet clients since the start of the year. The firm reckons Storm-compromised clients may have been subsumed into rival botnets and are continuing to churn out junk mail. However, it justifies its assertion the worm has petered out by noting that the command and control servers directing it are lifeless.

Still, few seriously believe the Storm worm's creators have abandoned the cybercrime business altogether.

"We have seen occasional surviving Storm bot peers still trying to communicate with each other," Hay said, "but the Storm’s command and control servers are unresponsive. Our data indicates that Storm has stopped. Maybe not forever, but the most likely scenario we can envision is that Storm has become obsolete in the face of other botnets like Srizbi which are more resistant against detection and removal by anti-malware solutions.

"A distinct possibility is that the creators of Storm have abandoned it in favour of a newer botnet that they have created. If they have, it is possibly one of the top spam botnets that we continue to track. It seems unlikely that Storm’s creators simply gave up and went home."

Marshal has posted a chart tracing the rise and fall of the Storm botnet here.

Diary of the Dead

Net security blog sudosecure.net backs up Marshal's analysis, with a few qualifiers. "I have not seen any spam, DDOS attacks, or Fast Flux domain activity related to the Storm Worm since mid September," writes sudosecure.net blogger Jeremy.

Jeremy went to the trouble of deliberately infecting a machine with a Storm worm client. He discovered other clients on the Storm p2p network but servers on the TCP control network responded only with the reply: "Go away, we're not home" - evidence that for all their faults, cybercrooks are not without a sense of humour.

It could be that the Storm worm authors have put everything on hold, or are simply lying low so that law enforcement attention drifts elsewhere, Jeremy speculates. "I think the question isn't 'is Storm dead', but more like when will we see it return and what new features or tactics will it have in store for us." ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
Ello? ello? ello?: Facebook challenger in DDoS KNOCKOUT
Gets back up again after half an hour though
Desperate VXers enslave FREEZERS in DDoS bot
Updated Spike malware targets Asia
Heatmiser digital thermostat users: For pity's sake, DON'T SWITCH ON the WI-FI
A stranger turns up YOUR heat with default password 1234
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.