Storm bot's stranglehold slipping: report

Share this article:
The Storm botnet showed a dramatic decrease while web-based malware increased, the latest monthly MessageLabs Intelligence Report shows.

Partly due to an updated Microsoft Malicious Code Removal Tool that helps detect infection and partly because of efforts to control the command and control systems by various white-hat hackers, Storm is now just five percent of its original size, Matt Sergeant, senior anti-spam technologist at MessageLabs, told SCMagazineUS.com on Monday.

“Its volume is massively down,” Sergeant said. “But of course the owners will be working on that.  They are not going to give up their revenue stream that easily.”

Ken Dunham, director of global response at iSight Partners, a risk analysis firm agreed with MessageLabs' findings.

“Storm was the most well known bot, but things have definitely changed,” Dunham said. “People are monitoring to see who is infected, so it isn't hard to identify all the different hosts and work with that within a network. There is a lot of pressure being put on the Storm Worm botnet.”

On the other hand, Dunham added, the decrease in its size may be because it was broken into smaller parts and is being sold in parcels.

But even as Storm appears to be dying, other types of malware continue to increase. An analysis of web-based malware identified that 36.1 percent of interceptions in April were new, an increase of 23.3 percent since March.

MessageLabs also identified an average of 1,214 new websites per day that harbor malware and other potentially unwanted programs, such as spyware and adware, an increase of 619 per day compared with the previous month.

“There seems to be a large effort currently to use legitimate sources, be it large webmail providers or by cracking into corporate mail servers, to spread spam and malware,” Sergeant said. “A lot of these emails are variations on advanced fee [Nigerian] frauds. Other organizations have taken Storm's lead and built themselves massive botnets.”

These “other organizations” appear to be criminal networks, Dunham said.

“Botnets used to be child's play," he said, "but today, it is all about criminal motivation. Organized crime rings are doing this for fraud, and they are doing it on a network level so they don't bring attention to themselves.”

While the landscape for botnets is increasingly difficult to pinpoint, Dunham said two other botnets are poised to overtake Storm: Nethell and Srizbi.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters

TOP COMMENTS

More in News

Adobe exploit used to spread Dyre credential stealer

Adobe exploit used to spread Dyre credential stealer

Users running vulnerable Adobe software could be in danger of having credentials for Bitcoin websites stolen.

Staples is investigating a potential issue involving credit card data

Staples is investigating a potential issue involving credit ...

The company said it is investigating a potential issue involving credit card data and that customers are not responsible for fraudulent activity on cards if an issue is discovered.

Skills set a priority over legacy prejudices, experts say

Skills set a priority over legacy prejudices, experts ...

Cybersecurity expert Winn Schwartau and Robert Clark, a cyber law attorney at the Army Cyber Institute, discussed issues around hiring in the information security industry.