The storms, that have masked our sun and prevented any chance at a surf in recent weeks, have in fact re-filled some of Australia’s most dehydrated dams. But with all of the benefits - when there is a storm, damage is unfortunately inevitable.
Much is the same in the world of IT security. Storms blow-in and out in a whirlwind, preventing users from going about their rightful business and leaving behind a trail of destruction which is often very costly and time-consuming to repair. In this technological world, one particular storm has jolted the security industry and 12 months on there is no distinct sign of its demise.
I am of course referring to the infamous Storm worm, an uber-botnet, whose alleged Eastern European perpetrators ransacked global networks in 2007 and revolutionised the size and scale of a botnet.
“I’ve never seen anything like it,” said Philip Routely, MessageLabs’s product marketing manager. “Everything that I look at with Storm shows that it really has lead the way in terms of botnets.”
Reports as to the exact size of the botnet differ but various estimates indicate that at its peak in September 2007 around two million PCs globally were infected or according to security vendor Marshal, it accounted for 21 percent of all reported spam.
So where did it start and more importantly where will it go from here? Since its inaugural strike in January 2007 where it spammed out fake news headlines about Europe’s long and deadly winter - not to mention earned its nickname - it hasn’t missed a beat riding off the back of every popular media report and calendar event including Valentines Day, Halloween as well as the festive season.
Using cunning social engineering tricks its aim is to scam users into joining the botnet and then unknowingly relay its messages. More so, and this is where financial gain comes into play, according to Routely, the botnet gets hired out by cybercriminals for profits.
“Basically, they’re offering a pipe, that’s this big, and can be distributed this quickly. It’s a very clean and worthwhile botnet to use.”
Interestingly, what began as a simple spam relaying botnet, the Storm worm has taken on several guises including e-cards, web threats, phishing attacks. It has even trawled through blogs and bulletin boards in an attempt to expand.
Today, reports indicate that its strength has declined at least for the time being, however according to Marshal, a bigger and better botnet dubbed Mega-D has unseated the Storm as the largest botnet, sparking fears among experts that the Storm worm’s tricks have spread.
Researchers at MessageLabs are not entirely convinced that Mega-D is a separate botnet. Instead they fear that Storm is mutating.
“The Storm botnet may be fragmented, they’re splitting it up in smaller independent parts which are not only growing but they are hiring those out too. That’s probably the latest change with the Storm botnet,” said Routely.
I’ll be keeping a close eye on this one, you should do the same.
Storm worm botnet: mutating or fading?
By Negar Salek on Feb 28, 2008 11:32AM