Feeds

Storm botnet blows itself out

But will the zombie network rise again?

Top 5 reasons to deploy VMware with Tegile

Canadian pharmacy spam, pump and dump stock manipulation, and phishing scams were the most common types of nuisance messages distributed by the botnet.

Penis pills and phishing scams

Rival botnets such as Srizbi, Mega-D and Rustock supplanted Storm as the main producers of junk mail. Marshal's figures show a steady decline of spam from Storm botnet clients since the start of the year. The firm reckons Storm-compromised clients may have been subsumed into rival botnets and are continuing to churn out junk mail. However, it justifies its assertion the worm has petered out by noting that the command and control servers directing it are lifeless.

Still, few seriously believe the Storm worm's creators have abandoned the cybercrime business altogether.

"We have seen occasional surviving Storm bot peers still trying to communicate with each other," Hay said, "but the Storm’s command and control servers are unresponsive. Our data indicates that Storm has stopped. Maybe not forever, but the most likely scenario we can envision is that Storm has become obsolete in the face of other botnets like Srizbi which are more resistant against detection and removal by anti-malware solutions.

"A distinct possibility is that the creators of Storm have abandoned it in favour of a newer botnet that they have created. If they have, it is possibly one of the top spam botnets that we continue to track. It seems unlikely that Storm’s creators simply gave up and went home."

Marshal has posted a chart tracing the rise and fall of the Storm botnet here.

Diary of the Dead

Net security blog sudosecure.net backs up Marshal's analysis, with a few qualifiers. "I have not seen any spam, DDOS attacks, or Fast Flux domain activity related to the Storm Worm since mid September," writes sudosecure.net blogger Jeremy.

Jeremy went to the trouble of deliberately infecting a machine with a Storm worm client. He discovered other clients on the Storm p2p network but servers on the TCP control network responded only with the reply: "Go away, we're not home" - evidence that for all their faults, cybercrooks are not without a sense of humour.

It could be that the Storm worm authors have put everything on hold, or are simply lying low so that law enforcement attention drifts elsewhere, Jeremy speculates. "I think the question isn't 'is Storm dead', but more like when will we see it return and what new features or tactics will it have in store for us." ®

Remote control for virtualized desktops

More from The Register

next story
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
Mozilla, EFF, Cisco back free-as-in-FREE-BEER SSL cert authority
Let’s Encrypt to give HTTPS-everywhere a boost in 2015
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
Got an iPhone or iPad? LOOK OUT for MASQUE-D INTRUDERS
UNjailbroken iOS 7, 8 open to evil, says secbiz FireEye
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Simplify SSL certificate management across the enterprise
Simple steps to take control of SSL across the enterprise, and recommendations for a management platform for full visibility and single-point of control for these Certificates.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.