Record-breaking 'Storm' linked to spam surge

Storm, the Trojan that Hoovers PCs into hacker-controlled botnets, roared back into life last month in several waves, security researchers said Monday, and has blown by 2005's Sober to become the most prolific e-mail-borne malware ever.

Other stories on this topic
Security vendors shun idea of liability 8/14/2007
Symantec patches critical Norton flaw 8/9/2007
Symantec connects e-discovery software to third-parties 8/9/2007
Powered by Inform
RSS feed

"This is the biggest since Sober in mid-to-late 2005," said Sam Masiello, the director of threat research at MX Logic, referring to a long-lasting worm whose variants struck repeatedly in the second half of 2005, often in extremely high numbers. In November 2006, for instance, e-mail filtering companies reported malware-laden e-mail counts spiking 1,500% in a week, and said they were intercepting four times the usual number of infected messages.

Read the latest WhitePaper - Research Brief: How Websense Users Protect Data

According to MX Logic, Storm -- a bot Trojan that collects compromised computers into large networks of ready-to-use PCs -- has broken Sober's records. Thanks to Storm, the Englewood, Colo. managed e-mail security vendor tracked a July jump in malicious e-mail of 1,700 percent over June.

Storm, however, is much more malevolent than Sober ever dreamed. "Not only is it designed to propagate more copies of Storm, but it releases huge quantities of spam," said Masiello.

Security analysts, Wood and Masiello among them, have been drawing a line between Storm's success and spam outbursts of July and August, including one that dropped impressive quantities of "pump-and-dump" stock scam mail in mailboxes worldwide. "Certain Trojans are specifically written not only to make their own botnet larger, but to propagate specific types of spam," Masiello said.

Other researchers are also convinced that Storm is directly related to the jump in spam users saw in July, and are still seeing now. "Looking at the network traffic overall, where [malware] is being hosted, I think it's almost certainly a cause and effect," said Paul Wood, senior analyst with MessageLabs. "The Storm botnet is one of the most successful we've seen in recent times. And now that's paying off, from [the hackers'] perspective."

Storm started to gather steam near the end of June, when several spasms of mail posing as greeting cards reached users, and reach critical mass just before July 4, when holiday subject lines tempted even larger numbers of users to click through. "Storm's using more of a 'pull' than a 'push' model now," said Masiello. Earlier Storm bot-building campaigns had come with attachments that when run hijacked the targeted PC. More recent attacks simply offer up a link in the e-mail; when users click on the link, code on the ensuing site -- actually, often several exploits that try several vulnerabilities until one works -- snatches the PC.   

1 | 2 |  Next >

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.
Recent News:
· Google comes in fourth on top 10 list of spam enablers
· The CAN-SPAM Act as a warning
· The State of Spam: What to Expect in 2009
· Twitter hit with phishing scam
· Psychic predictions for tech in 2009
Site Map | Recent News | Related Sites

Copyright © 2006 EmailSafety.net - All Rights Reserved.