Feeds

Storm botnet blows itself out

But will the zombie network rise again?

5 things you didn’t know about cloud backup

Canadian pharmacy spam, pump and dump stock manipulation, and phishing scams were the most common types of nuisance messages distributed by the botnet.

Penis pills and phishing scams

Rival botnets such as Srizbi, Mega-D and Rustock supplanted Storm as the main producers of junk mail. Marshal's figures show a steady decline of spam from Storm botnet clients since the start of the year. The firm reckons Storm-compromised clients may have been subsumed into rival botnets and are continuing to churn out junk mail. However, it justifies its assertion the worm has petered out by noting that the command and control servers directing it are lifeless.

Still, few seriously believe the Storm worm's creators have abandoned the cybercrime business altogether.

"We have seen occasional surviving Storm bot peers still trying to communicate with each other," Hay said, "but the Storm’s command and control servers are unresponsive. Our data indicates that Storm has stopped. Maybe not forever, but the most likely scenario we can envision is that Storm has become obsolete in the face of other botnets like Srizbi which are more resistant against detection and removal by anti-malware solutions.

"A distinct possibility is that the creators of Storm have abandoned it in favour of a newer botnet that they have created. If they have, it is possibly one of the top spam botnets that we continue to track. It seems unlikely that Storm’s creators simply gave up and went home."

Marshal has posted a chart tracing the rise and fall of the Storm botnet here.

Diary of the Dead

Net security blog sudosecure.net backs up Marshal's analysis, with a few qualifiers. "I have not seen any spam, DDOS attacks, or Fast Flux domain activity related to the Storm Worm since mid September," writes sudosecure.net blogger Jeremy.

Jeremy went to the trouble of deliberately infecting a machine with a Storm worm client. He discovered other clients on the Storm p2p network but servers on the TCP control network responded only with the reply: "Go away, we're not home" - evidence that for all their faults, cybercrooks are not without a sense of humour.

It could be that the Storm worm authors have put everything on hold, or are simply lying low so that law enforcement attention drifts elsewhere, Jeremy speculates. "I think the question isn't 'is Storm dead', but more like when will we see it return and what new features or tactics will it have in store for us." ®

Secure remote control for conventional and virtual desktops

More from The Register

next story
One HUNDRED FAMOUS LADIES exposed NUDE online
Celebrity women victimised as Apple iCloud accounts reportedly popped
Rubbish WPS config sees WiFi router keys popped in seconds
Another day, another way in to your home router
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
NZ Justice Minister scalped as hacker leaks emails
Grab your popcorn: Subterfuge and slur disrupts election run up
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
New Snowden leak: How NSA shared 850-billion-plus metadata records
'Federated search' spaffed info all over Five Eyes chums
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.