Internet and e-mail policy and practice
including Notes on Internet E-mail


2007
Months
Oct

Click the comments link on any story to see comments or add your own.


Subscribe to this blog


RSS feed


Home :: Email

23 Oct 2007

How big is the Storm botnet? Email

The Storm worm has gotten a lot of press this year, with a lot of the coverage tending toward the apocalyptic. There's no question that it's one of the most successful pieces of malware to date, but just how successful is it?

Last weekend, Brandon Enright of UC San Diego gave a informal talk at the Toorcon conference in which he reported on his analysis of the Storm botnet. According to his quite informative slides, Storm has evolved quite a lot over the past year, with both upgrades to the underlying engine and a variety of applications, most of which involve sending spam. (If you've gotten pump and dump spam with the message in an MP3 audio file, that's Storm's latest campaign.)

Enright says that although Storm's peer-to-peer control structure makes it harder to map than centrally controlled botnets, its P2P design is relatively simple, and is similar enough to the eDonkey network that he could adapt tools designed for eDonkey to map Storm. While it's never possible to find the exact size of a P2P network since nodes are constantly going on and off line, his statistics suggest that Storm consists of hundreds of thousands of nodes, not millions. While that's a lot, it's in the same range as other botnets. What really sets Storm apart is its operators' skillful social engineering that constantly comes up with new tricks to get people to click on links that infect their Windows PCs.

The slides are somewhat technical but easy enough to follow, and are worth a look.


  posted at: 23:39 :: permanent link to this entry :: 1 comments
Stable link is https://jl.ly/Email/storm.html

Topics


My other sites

Who is this guy?

Airline ticket info

Taughannock Networks

Other blogs

CAUCE
It turns out you don’t need a license to hunt for spam.
201 days ago

A keen grasp of the obvious
Italian Apple Cake
759 days ago

Related sites

Coalition Against Unsolicited Commercial E-mail

Network Abuse Clearinghouse

My Mastodon feed



© 2005-2024 John R. Levine.
CAN SPAM address harvesting notice: the operator of this website will not give, sell, or otherwise transfer addresses maintained by this website to any other party for the purposes of initiating, or enabling others to initiate, electronic mail messages.