Internet and e-mail policy and practice
including Notes on Internet E-mail


2007
Months
Oct

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home :: Email


23 Oct 2007

How big is the Storm botnet? Email

The Storm worm has gotten a lot of press this year, with a lot of the coverage tending toward the apocalyptic. There's no question that it's one of the most successful pieces of malware to date, but just how successful is it?

Last weekend, Brandon Enright of UC San Diego gave a informal talk at the Toorcon conference in which he reported on his analysis of the Storm botnet. According to his quite informative slides, Storm has evolved quite a lot over the past year, with both upgrades to the underlying engine and a variety of applications, most of which involve sending spam. (If you've gotten pump and dump spam with the message in an MP3 audio file, that's Storm's latest campaign.)

Enright says that although Storm's peer-to-peer control structure makes it harder to map than centrally controlled botnets, its P2P design is relatively simple, and is similar enough to the eDonkey network that he could adapt tools designed for eDonkey to map Storm. While it's never possible to find the exact size of a P2P network since nodes are constantly going on and off line, his statistics suggest that Storm consists of hundreds of thousands of nodes, not millions. While that's a lot, it's in the same range as other botnets. What really sets Storm apart is its operators' skillful social engineering that constantly comes up with new tricks to get people to click on links that infect their Windows PCs.

The slides are somewhat technical but easy enough to follow, and are worth a look.


posted at: 23:39 :: permanent link to this entry :: 1 comments
posted at: 23:39 :: permanent link to this entry :: 1 comments

comments...        (Jump to the end to add your own comment)


Note that these numbers are only tracking "old" storm nodes that haven't managed to get updated with the newer encrypted communications module. So the numbers are unfortunately way off.

I don't think Storm is as huge as it has been, but it's still pretty powerful.

(by Matt Sergeant 26 Oct 2007 09:49)


Add your comment...

Note: all comments require an email address to send a confirmation to verify that it was posted by a person and not a spambot. The comment won't be visible until you click the link in the confirmation. Unless you check the box below, which almost nobody does, your email won't be displayed, and I won't use it for other purposes.

 
Name:
Email: you@wherever (required, for confirmation)
Title: (optional)
Comments:
Show my Email address
Save my Name and Email for next time

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
It turns out you don’t need a license to hunt for spam.
4 days ago

A keen grasp of the obvious
Italian Apple Cake
562 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse



© 2005-2020 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.