Home : Networking : News

Storm botnet still spamming through 2008

Although more than a year old, the flexibility of the Storm botnet means it is continuing to be a serious problem for the end-user.

By Asavin Wattanajantra, 2 Apr 2008 at 14:40

gallery

The Storm botnet is alive and well, thriving across millions of computers and continuing to cause problems with spam and malware.

According to a MessageLabs report, the Storm botnet was responsible for 20 per cent of all spam in the first quarter of 2008.

The security vendor also intercepted more than four million emails from the Storm botnet since January, which either contained links to malware or were aimed at launching phishing attacks.

"Storm's focus on spam seems to be just the tip of the iceberg as emails containing malware and phishing attacks from the Storm botnet are now growing in numbers," said Mark Sunner, MessageLabs' chief security analyst.

The report findings indicated that the Storm botnet was being broken up, which allowed controllers to take separate parts and choose whether it wanted to send out malware or spam depending on the criminal's business model.

"One of the big factors about the Storm botnet is the peer to peer approach, which means it's much more difficult to disrupt the botnet from a security research point of view," said Message Labs' senior analyst Paul Wood.

"It's also not just a mail sending engine. You can also use it for hosting websites, launching denial of service attacks and hosting DNS services as well," added Wood. "It is very flexible in terms of what it can be used for."

Wood advised end-users to be very careful about what they were clicking when it came to email. Also, he said to be aware to what security measures they would be able to take, such as implementing firewalls and making sure businesses were up to date with patches and anti-virus software.

He also advised users to be aware of social engineering attacks. Wood said: "Some targeted attacks will use information gathered from other areas of the internet to make the dressing up of the malware attacks more convincing."

The report said that 11 per cent of companies were now blocking access specifically to Facebook compared to three per cent who have pro-actively set up rules to allow access.

"Businesses are now becoming wise to the possible impact of social networking and pro-actively raising their defence barriers against data loss, threats and employee productivity," said Sunner.

"Moreover, the possibility of spoofing Facebook accounts is no longer an impossible notion and may be the next major aspect in identity theft," he added.