Network World

Storm Worm's virulence may change tactics

By Erik Larkin, PC World, 08/02/2007

The swiftly spiking onslaught of the Storm Worm may signal an upcoming change in how its creators intend to wield their weapon.

I caught up with Joe Stewart, senior security researcher at managed security company SecureWorks, at the Black Hat conference. He says that since June 1st, his company has blocked a boggling 20 million attack e-mails carrying the Storm Worm payload. That's up from just over 70,000 attacks seen during the longer span from the beginning of the year through the end of May.

"It's getting out of hand," Stewart says.

And that's just from the networks they're seeing. Mail security company Postini recently said that during the most recent Storm Worm flood, it saw 120 million attack e-mails in the span of five days.

The misnamed Storm Worm isn't actually a worm; it's a bot, used to corral infected computers together into a network called a botnet, which can then be issued commands by a central criminal controller. One common command is to send vast amounts of spam.

For example, "sending out billions of e-mails per day is effortless" for the Storm Worm botnet, Stewart says.

From the number of infected machines he's found, Stewart estimates that the Storm botnet could comprise anywhere from 250,000 to 1 million infected computers. And that raises questions, along with eyebrows.

"Why do you need a botnet that big?" he asks. "You don't need a million [infected computers] to send spam."

For spam, a million-strong botnet might be overkill. But botnets can do much more - like launching denial-of-service attacks. These attacks aim to overwhelm a Web site or Internet server by sending it a constant stream of garbage data.

Garbage data from one source isn't hard to deal with. But multiply that by a million, and you're talking about a raging deluge.

The Storm Worm is capable of launching DoS attacks, and has already been used for them. So the huge rise in the malware's spread may mean that its creator is getting ready to expand his revenue stream and rent out his botnet for powerful DoS attacks.

The good news is that if you're smart, it's not hard to avoid becoming a Storm Worm victim. So far, the bot spreads as e-mail attachments sent to addresses harvested from infected machines. There's a good chance you've seen it already, in the guise of a fake news story or a supposed e-greeting card.

Comments (8)

Because of Storm Worm 301 students' SSNs were stolen
By Anonymous on March 27, 2008, 7:28 pm
I got an email today saying that I could get my personal identity stolen. This is due to Storm Worm being in control of a Windows computer at a university with a...

Yes, it's a real PITA
By Adam Gaffin on August 28, 2007, 10:26 am
It's just like antibiotics: We installed something really good (a math captcha); the spammers figured out how to break it. We're looking at other options short of requiring...

You Guys Need To Filter for Comment Spam
By Alacrity Fitzhugh on August 28, 2007, 9:42 am
I think it's ironic that an article about spambots has several spam comments in it.

And Then What?
By Wings on August 8, 2007, 4:58 pm
And when you click the link, your browser loads the file and executes? No warning? (NWW math questions are getting easier.)

EXE is not really attached
By Anonymous on August 8, 2007, 4:53 pm
The executable is not actually contained in the email itself. In the hundreds of examples I've seen at work here, the email contains a link to the file, hosted...
