Application security, Malware, Network Security, Phishing

Storm bot’s stranglehold slipping: report

The Storm botnet showed a dramatic decrease while web-based malware increased, the latest monthly MessageLabs Intelligence Report shows.

Partly due to an updated Microsoft Malicious Code Removal Tool that helps detect infection and partly because of efforts to control the command and control systems by various white-hat hackers, Storm is now just five percent of its original size, Matt Sergeant, senior anti-spam technologist at MessageLabs, told on Monday.

“Its volume is massively down,” Sergeant said. “But of course the owners will be working on that.  They are not going to give up their revenue stream that easily.”

Ken Dunham, director of global response at iSight Partners, a risk analysis firm agreed with MessageLabs' findings.

“Storm was the most well known bot, but things have definitely changed,” Dunham said. “People are monitoring to see who is infected, so it isn't hard to identify all the different hosts and work with that within a network. There is a lot of pressure being put on the Storm Worm botnet.”

On the other hand, Dunham added, the decrease in its size may be because it was broken into smaller parts and is being sold in parcels.

But even as Storm appears to be dying, other types of malware continue to increase. An analysis of web-based malware identified that 36.1 percent of interceptions in April were new, an increase of 23.3 percent since March.

MessageLabs also identified an average of 1,214 new websites per day that harbor malware and other potentially unwanted programs, such as spyware and adware, an increase of 619 per day compared with the previous month.

“There seems to be a large effort currently to use legitimate sources, be it large webmail providers or by cracking into corporate mail servers, to spread spam and malware,” Sergeant said. “A lot of these emails are variations on advanced fee [Nigerian] frauds. Other organizations have taken Storm's lead and built themselves massive botnets.”

These “other organizations” appear to be criminal networks, Dunham said.

“Botnets used to be child's play," he said, "but today, it is all about criminal motivation. Organized crime rings are doing this for fraud, and they are doing it on a network level so they don't bring attention to themselves.”

While the landscape for botnets is increasingly difficult to pinpoint, Dunham said two other botnets are poised to overtake Storm: Nethell and Srizbi.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.