Storm Worm Rewrote the Botnet

Storm Worm Rewrote the Botnet and Spam Game
October 9, 2007
By Pedro Hernandez

There is no escaping the suspicion that spammers have been charting a cagier course in recent months. Electronic messaging managed service provider MessageLabs has noticed too.

Previously pristine inboxes are finding that image files and PDFs containing pump-and-dump stock pitches and advertisements increasingly slip through. Excel and Rich Text Format (RTF) spam have also been detected in the wild.

The cause can be summed up by one word: botnets.

Although spam has decreased from its peak in July 2004 when it accounted for a staggering 94.5 percent of the email monitored by MessageLabs -- it now hovers around 71 percent -- the monetary spoils have prompted spammers to pursue more exotic methods of keeping those coffers full.

Responsible for spewing spam and dropping the DDoS hammer on Web sites, botnets can hardly be considered an up-and-coming threat. However, a relatively new breed of botnet, spawned by the Storm worm, is proving to be tenacious adversary.

The malware has been contributing to a slight uptick in spam lately, according to MessageLabs' Chief Anti-Spam Technologist, Matt Sergeant.

"We're currently seeing a slight rise. Nothing anywhere near as huge a rise as we saw last year. But it's early days yet," he states.

Purportedly under the control of the notorious Russian spammer Zliden, the Storm-based botnet is a very different beast. First, its sheer size is immense. According to MessageLabs, Storm is believed to have infected 50 million machines, though only 10 - 20 percent of its capacity is being used.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

My concern here isn't spam its a massive dos attack on net nodes, stopping all Intennet traffic.

MY take on this threat, Wnat it will look like to you.

How it could be used in counter terror op.

Gerald