Storm Botnet

 

By: Serafin Sanchez 1/29/08

 


The Storm Botnet has a life cycle: it infects many computers and uses those systems to help the bad guys achieve their goals. We need to help in this war by keeping our patches up to date and using antivirus software.

The typical life cycle of spam that originates from a Botnet passes through these stages: first the spammer's web site, then the spammer, then the spamware, then the infected computers, the virus or Trojan, the mail servers, the users, and finally web traffic.

First detected on the Internet in January 2007, the Storm Botnet and worm got their name from the storm-related subject lines their e-mails initially employed, such as "230 dead as storm batters Europe". Others include "Chinese missile shot down USA aircraft" and "U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel". Some IT security professionals suspect that well-known fugitive spammers may be involved in the operation and control of the Storm Botnet.

Used by the bad guys for a variety of criminal activities, the Storm Botnet has displayed defensive behaviors indicating that its controllers were actively protecting the Botnet against attempts at tracking and disabling it. The Botnet has specifically attacked the online operations of some security vendors and researchers who attempted to investigate it. One security expert, Joe Stewart, revealed that in late 2007 the operators of the Botnet began to further decentralize their operations, possibly with plans to sell portions of the Storm Botnet to other operators. Some reports as of late 2007 indicated that the Storm Botnet was in decline, but many security experts reported that they expect the Botnet to remain a major security risk online, and the United States Federal Bureau of Investigation considers the Botnet a major risk for increased bank fraud, identity theft, and other cyber crimes.

The Botnet network comprises computers running Microsoft Windows as their operating system, the only operating system that can be breached by the Storm worm. Once infected, a computer becomes known as a bot. This bot then performs automated tasks, anything from gathering data on the user, to attacking web sites, to forwarding infected e-mail, without its owner's knowledge or permission. Signature-based detection, the main line of defense for most computer systems against virus and malware infections, is often useless against the Storm worm Botnet and its variants.

On September 25, 2007, it was estimated that a Microsoft update to the Windows Malicious Software Removal Tool (MSRT) may have helped reduce the size of the Botnet by up to 20%. The new patch, as claimed by Microsoft, removed Storm from approximately 274,372 infected systems out of 2.6 million scanned Windows systems. However, according to senior security staff at Microsoft, "the 180,000+ additional machines that have been cleaned by MSRT since the first day are likely to be home user machines that were not notably incorporated into the daily operation of the 'Storm' Botnet," indicating that the MSRT cleaning may have been symbolic at best.

In conclusion, it will take all of us to fight the Botnet bad guys. Programmers can create software that may clean our PCs, but we will need to use the software.

 
