Feeds

Infamous Storm botnet rises from the grave

Undead penis pill spam

5 things you didn’t know about cloud backup

After blowing itself out 18 months ago, the notorious Storm botnet is back, researchers from CA said Tuesday.

Storm - once responsible for churning out 20 percent of the world's spam - started to peter out in September 2007, when Microsoft targeted it through the Malicious Software Removal Tool. Some 274,372 demonized PCs were exorcised during the first month alone. A year later, researchers from Marshal declared the menace dead.

Now, security watchers at CA say they've spotted a new botnet that bears the hallmarks of Storm and is sending out a "massive volume of spam emails to targeted recipients." An analysis of the command and control servers shows it used Base64 encoded data to send infected machines instructions and templates for junk-mail relating to adult dating services, penis pills and other online pharmacy scams.

"The characteristics and behaviors are very much Storm-related in terms of the command and control and the mechanism that it uses to identify the content of the mail messages and who and how to send them," Don DeBolt, head of CA's research team, told The Register. "It's all utilizing the same tactics and methodologies that the Storm Worm did."

Storm made its debut in early 2007 and got its name from the brutal storms that hit Europe at that time. Its success at pumping out huge amounts of spam helped pave the way for other junkmail botnets such as Srizbi, Mega-D, and Rustock, which borrowed many of the same social-engineering come-ons and other tactics. In addition to the crushing blow from Microsoft, Storm's demise was also brought about by researchers who discovered a design flaw that allowed them disrupt its command and control channels.

CA has identified three varients of Storm that at time of writing were detected by 26, 25 and 24of the top 41 anti-virus products. CA's writeup is here. ®

Next gen security for virtualised datacentres

More from The Register

next story
Microsoft: We plan to CLEAN UP this here Windows Store town
Paid-for apps that provide free downloads? Really
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Hear ye, young cyber warriors of the realm: GCHQ wants you
Get involved, get a job and then never discuss work ever again
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.