Storm botnet gets profiled at Web site
- — 16 January, 2008 08:02
Storm, which has grown into a large remotely controlled botnet since the initial worm appeared a year ago to infect victims' machines, is getting a graphic profile on a Web site set up to track it.
StormTracker on Secure Computing's TrustedSource.org research portal displays real-time information compiled through sensors maintained in 75 countries. According to Dmitri Alperovitch, director of intelligence analysis and hosted security at Secure Computing's TrustedSource Labs, Storm has morphed into a botnet capable of various tasks, such as sending spam, establishing malicious Web pages or carrying out phishing attacks.
"In the last couple of days, it has conducted phishing attacks against Barclays Bank and the Bank of Nova Scotia," Alperovitch says. "It's a fast-flux network with thousands of machines around the world, and it's grown so that it's almost impossible to shut down."
Secure Computing believes that the Storm botnet is operated by individuals in Russia, based on the firm's analysis and registration of domain names, but wouldn't provide specifics.
Alperovitch says the StormTracker site is intended to inform security managers about the botnet's current shape and provide them with information they may wish to use to filter Internet access. The information Secure Computing is compiling is generated dynamically using the firm's Trusted Source Reputation System.