Precocious Storm Turns One

Carl Weinschenk

To non-experts -- and, perhaps to experts as well -- it seems that all security vulnerabilities are somehow related. Peel the onion deeply enough, and viruses, worms, botnets, phishing, pharming, Trojans and all forms of scary things end up in the conversation.


That comes to mind as we pass an unpleasant anniversary of sorts. Earlier this month, we "celebrated" the Storm botnet's first birthday. Storm and other botnets, such as Nugache and Celebrity, bring all of these various forms of bad news into the conversation because they are just a delivery mechanism -- an increasingly sophisticated and ominous delivery mechanism. The payload can change, depending on what the user -- increasingly, a client of the bot herders -- calls for.


This Computerworld piece offers views of several researchers on the botnet. David Emm, a consultant with Kaspersky Labs, points to Storm's use of a peer-to-peer instead of more easily combated Internet Relay Chat (IRC) command and control structure as a key adjustment by the bot herders. Ashar Aziz, CEO of FireEye, also cited the significance of botnet's move to P2P control last week in an IT Business Edge interview.


The second significant element of Storm is the number of variants it produces, Emm says. Computerworld also spoke to Trend Micro's Jamz Yaneza, who points to the timeliness of Storm's spam, which shift fluidly depending on holidays and news events. However, SecureWorks' Joe Stewart was a bit dismissive. Storm, to him, is just another botnet -- but one that has captured the imagination of the press.


ESET, a security firm in Bratislava, has released its 2007 Global Threat Report. The report, described at, attests to the effectiveness of botnets. The keepers of the Storm botnet, which has emerged as the highest-profile of several competing botnets, closely monitor its progress and release updates as required. The firm said that both Microsoft Windows and Apple's Mac OS X were attacked last year. says that SecureComputing has established a Storm research portal that uses inputs from a 75-country sensor network. The real-time information is quite specific. For instance, the portal determined that Storm, which the firm says apparently is run from Russia, recently has launched phishing attacks against the Bank of Nova Scotia and Barclays Bank. The goal of the StormTracker is to provide security managers with information they can use to refine their filtering efforts in a real-time manner.


The bottom line is that the illicit economy that has developed around botnets means they will proliferate in number and grow in size. The folks who run them will use increasingly sophisticated methods. Aziz says botnets are competing against each other. That's good news, in a way, since there is no honor among thieves and they no doubt will try to sabotage each other's bot. But in the bigger picture it is not a good sign: Competition means more folks recognize there is money to be made and are bringing their intelligence and money to the table.

Add Comment      Leave a comment on this blog post

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.