Storm: The largest botnet in the world?

Researchers say the Storm malware may be the world's "most productive" virus, with more than 1 million PC infections

Storm may not be the most creative or malicious piece of malware ever written, but it's on track to become the most productive threat; researchers' recent estimates put the number of PCs it has infected at more than 1 million.

First showing up on researchers' radars about a year ago, Storm is defined by some as a worm, others as a Trojan Horse.

Though it has gone by many names, Storm -- referring to the spam blasts it's been behind that mention storms -- has stuck.

Although Storm doesn't use any particularly inventive or malicious techniques, such as erasing files on a hard drive or recording keystrokes to capture passwords and personal information, it has gained notoriety through its writers' ability to update and adapt both the malware's code and the spam blasts that lure people to become infected with it -- all with the purpose of building a giant botnet.

"Storm is a very aggressive worm," says John Levine, president of consulting firm Taughannock Networks and co-chair of the Internet Research Task Force's Anti-Spam Research Group. "It's interesting because it uses a [peer-to-peer] control structure that makes it hard to kill."

Most threat watchers say no one knows who is behind Storm, but Finnish antivirus maker F-Secure, which takes credit for giving Storm its name, says a group called the Zhelatin Gang is responsible and whom the company believes is operating out of Russia. F-Secure also says that Storm is the largest botnet in the world with just more than 1 million infected PCs; however, other researchers say there's no way to know how many PCs have been infected.

Compared with highly destructive pieces of malware such as Slammer and Blaster that took down many computers and services, Storm sticks to mostly sending out spam and occasionally launching distributed denial-of-service (DoS) attacks, particularly against security companies that research the malware. But because of its size, Storm's potential for harm is serious, says Patrik Runald, technical manager at F-Secure.

"As [Storm's owners] have roughly 1 million computers under their control, we do have to take the threat of them attacking critical networks very seriously," he says.

How Storm attacks

The way Storm secretly installs itself on PCs is via spam, but typically Storm is not carried by the message; instead the message attempts to get the recipient to visit a Web site that downloads the malware. It's hard to avoid Storm-related spam, which was particularly active in late summer and shows no sign of stopping. These spam blasts take advantage of whatever the malware's owners think would most entice recipients to click on the embedded link to a Web site purportedly related to the e-mail's subject -- be it a recent event such as the start of the football season or pop culture items such as computer games or a YouTube video clip.

Whoever owns Storm is "certainly in tune with American society," says Roger Thompson, CTO of Exploit Prevention Labs. "They're probably European -- their command of English is not perfect -- but they understand American culture quite well."

If recipients of Storm-backed spam click on the link, they are taken to a Web site that automatically downloads Storm if their browsers don't have the most recent patches installed, researchers say. If visitors to the infected Web site do have an up-to-date browser, the site will ask them to click on a few links (with social-engineering queues such as "to download software for viewing your e-card greeting, click here") that allow Storm to circumvent current patches and install itself.

"Nobody's patched against social engineering," says Ben Greenbaum, senior manager of Symantec's Security Response team.

Once Storm is downloaded onto a PC, it turns that computer into part of its botnet, an army of compromised PCs that can be controlled remotely without the owner realizing it.

And that's where the profits come in; researchers believe the people behind Storm make money by renting out portions of their botnet. Members of Storm's botnet can be turned into spam servers, so organizations looking for an untraceable way to blast spam will rent space on these compromised PCs; when the spam sender's IP address is investigated it leads back to the member of the botnet, not the actual spammer.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Cara Garretson

Network World
Show Comments

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

David Coyle

Brother PocketJet PJ-773 A4 Portable Thermal Printer

I rate the printer as a 5 out of 5 stars as it has been able to fit seamlessly into my busy and mobile lifestyle.

Kurt Hegetschweiler

Brother PocketJet PJ-773 A4 Portable Thermal Printer

It’s perfect for mobile workers. Just take it out — it’s small enough to sit anywhere — turn it on, load a sheet of paper, and start printing.

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?