
Storm Worm: The energizer bunny of botnets



Date: August 5th, 2008

Author: Michael Kassner


It appears that the Storm worm is making a comeback. I first made mention of this botnet maker in the article “Kraken: The Biggest, Baddest Botnet Yet,” where I explained how Storm was losing its grip as being the largest botnet in history to Kraken and Srizbi as the second largest.


Well, Storm developers have added a few new twists to their arsenal and are seeing a resurgence in the size of their botnets. Therefore it’s very important to not become complacent about this type of malware as it relies on social engineering to propagate. I’d like to take a few moments to go over the process so we’re all clear on how the infestation occurs.

How my computer became a zombie:


Let’s follow the process of becoming infected with Storm and the aftereffects:


1. I receive an e-mail informing me that the attachment contains some very important information. Not knowing any better, I open the attachment.


2. I was just conned. The attachment has the Storm trojan/bot client hiding in it. My computer is now infected and just became part of a botnet. The scary part is that this all happened without my knowing it.


3. What’s worse is that my AV application is useless as Storm’s code changes constantly, so any AV signature is out of date within an hour.


4. My computer now follows the bidding of the “botmaster,” which normally means it’s going to be used as a spam relay. There are other more malicious activities, such as “distributed denial of service attacks,” but botnets are usually for hire and spamming is a lucrative business.


That’s one scenario, and as botnet malware matures, other more sophisticated attack venues are introduced. For instance, the delivery mechanism used by the Storm worm changes regularly. It starts out as PDF spam, progressing to links for e-cards or invites to Web sites.


The worm developers will try any method possible to entice users to click on a phony link or attachment. The initial e-mail used by Storm also morphs. There are new subject lines and body text that refer to relevant news or issues — any way to subjugate human nature.


The willingness to prey on human nature is why Storm is back in the news. It’s propagating successfully using an e-mail with a subject line of “FBI May Strike Facebook” or “The FBI has a new way of tracking Facebook.” It appears that once again the developers have touched on a chord of human nature and are getting a decent infection rate.


Final thoughts


I could spend all sorts of time on the intricacies of how each of the top three botnets work or how successful they are at evading detection, but that wouldn’t help.


This article is my regular attempt at making sure all of us are cognizant of the need to be web-savvy, always questioning whether that link or attachment makes sense. Doing so will go a long way to reducing the amount of spam we receive. This certainly includes me, as I’ve been very close to becoming an unwilling botnet member myself.


Source: techrepublic.com
