We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Storm builds the world's biggest botnet

Is Storm the world most dangerous malware?

While Storm spam is something consumers should watch out for, it doesn't cause much concern among business IT departments because antispam vendors usually catch on to the latest spam blast and update their filters within days, if not hours. However, the potential of unknowingly having corporate assets become part of this huge botnet that's committing crime across the internet does cause concern.

"We have real-time network traffic monitoring tools implemented across [Argonne National Laboratory]'s networks to ensure that we quickly become aware of 'bad' behaviour, especially bot-type/malware behavior," said David Salbego, Unix and operations service manager with Argonne National Laboratory's computing and information systems department. "While no system is perfect, simply relying on not becoming infected is not sufficient - one must be able to definitely prove that machines are not infected and/or not communicating with known 'bad guys'."

Storm a step ahead

Another feature of Storm that keeps researchers on their toes is the malware's ability to constantly change in attempts to keep one step ahead of prevention measures.

"We detect the exploits [Storm] uses to force its way in," said Roger Thompson, CTO of Exploit Prevention Labs. "At one point they were actually changing what they were installing as often as every minute to avoid [antivirus] programs."

Another antivirus vendor agrees that while Storm isn't the worst piece of malware the internet has seen, its versatility gives it longevity.

"I don't think Storm is doomsday; I still think people can use the internet safely," said Dave Marcus, security research and communications manager at McAfee Avert Labs.

"But I also don't think it's going to subside any time soon, because of the many ways it can be used. It's something we have to stay vigilant about."

Storm: FAQ

What type of malware is it?

Storm is often referred to as a worm, although many point out that it doesn't truly fit the definition, which is a piece of malware that self-propagates by spreading itself around a network of computers. Others say Storm is indeed a worm because once it infiltrates a PC it can access the email client's address book and send spam to those addresses.

Still others say Storm is a Trojan Horse, malware that looks like one thing but actually is another. When a Storm spam recipient clicks on the link embedded in the email message, often they are instructed to click again once they arrive at the website to download some software. Instead, they become infected with Storm.

The most important thing about Storm, and the point on which everyone seems to agree, is that it creates botnets. Once a PC visits an infected website and Storm is downloaded, the PC is considered compromised, which means it can be controlled by someone else without the user knowing it.

What is the scope of Storm?

Although F-Secure says the botnet is at least 1 million PCs strong, most experts say there's no way to know how many recipients of Storm spam clicked through and became infected.

One way to get a sense of Storm's scope is to look at the amount of spam associated with it. For example, in August the amount of spam sent that asked the recipient to confirm their account with a spoofed organisation grew from 18 percent of all spam messages on August 21 to 35 percent of all spam sent on August 22. Not only does that mean there was a high concentration of email messages with links to Storm-infested sites in circulation at that time, but it's likely that the many of the PCs sending out those spam messages were part of the Storm botnet.

What other names does Storm go by?

Different antivirus vendors tend to give one piece of malware different names. Although Storm is the most popular name for this malware, it's also been referred to ask Downloader-BAI, Troj/Dorf-Fam, Trojan-Downloader.Win32.Small.dam, Trojan.DL.Tibs.Gen!Pac13, Trojan.Downloader-647, Trojan.Peacomm, TROJ_SMALL.EDW, Win32/Nuwar, Win32/Nuwar.N@MM!CME-711, W32/Zhelatin, Trojan.Peed, and Trojan.Tibs.


IDG UK Sites

LG G Watch R video review: The most desirable Android Wear smartwatch

IDG UK Sites

Apple's 2014 highlights: the most significant Apple news of 2014

IDG UK Sites

2015 creative trends: leading designers & artists reveal the biggest influences & changes coming th)......

IDG UK Sites

Ultimate iOS 8 Tips: 35 awesome and advanced tips for using iOS 8 on iPhone and iPad