The Register® — Biting the hand that feeds IT

Storm botnet blows itself out

Dark Hippo

They utilised every social engineering trick in the book and invented quite a few of their own... 

"They utilised every social engineering trick in the book and invented quite a few of their own"

So you're saying Facebook is actually one massive botnet? Damn, that's a lot of computers infected.

A J Stiles

May be dead, but 

The Storm botnet may be dead, but **something** is sending out an awful lot of .exe files in .zip-compressed attachments from forged addresses.

Henry Wertz

The open question 

"I think the question isn't 'is Storm dead', but more like when will we see it return and what new features or tactics will it have in store for us."

Yeah for me this is the open question as well. Even if the original users of the Storm worm don't intend to use it any more, I wonder if someone won't crack the command and control and use it themselves... I assume it's still a fairly large botnet after all.

Squits

Shoulder pork and ham 

Funnily enough my Yahoo inbox spam has dried up in the past month or so. I used to get 150 a day! Now I'm getting about 5.

John

Go Microsoft 

Nice work on cleaning it up. I guess the lesson learned here for the criminals in question is to target Apple next time around. Plenty of users there and Apple has shown a disdain for updating against known security threats.

adnim

Closed for upgrade 

see title

Peter Mc Aulay

So long, Storm... 

You will not be missed.

Anonymous Coward

I'd worry that they've simply cloaked it 

If something seems too good to be true, it probably is too good to be true. The people behind Storm showed a huge leap in innovation. I'd be worried they made another such leap, and have figured out how to fly below all the security researchers' radars.

PunkTiger

Words of Wisdom 

"It may stop, but it never ends." - Matt Howarth

No truer words have ever been spoken, especially when it comes to spam. I hope I'm proven wrong, but this is probably just the calm before another (more massive) storm.

Elmer Phud

Spamalot 

Spam is like buses - nothing for a while then several come along together.

So, it wasn't an increase in increasing length/girth/stamina recently but a drop in other stuff being sent.

I had noticed a drop in the 'e greetings' I was being sent but there are still a few out there.

We're just waiting for it to be reconfigured for the next natural disaster and there's no point in spamming wondershares at the moment 'cos no-one's got any money anyway.

Will it be spam being sent from all our graphics processors next? Got to be some use for all that spare processing while folks are lost in Facebook.

Pascal Monett

Re:flying below the radar 

I've noticed a marked drop in spam mail across all of my accounts as well. If you call that flying below the radar, well then they can fly all they want, I don't mind.

What you might mean to say is that a new Storm II is quietly replicating itself without activating, extending its footprint and keeping mum until the day it unleashes a hurricane of spam and all security centers are drowned in data.

Now that would worry me if only for the ungodly amount of spam I'd be getting across 7 accounts.

I hope that is not what you meant.

TeeCee

Typical MS. 

".....274,372 Windows PCs were cleaned up using its tool during the first month alone."

And how do they know? Just once could MS do the decent thing and provide their bloody utilities without succumbing to the temptation to build in a "phone home" feature?

I'd always thought of the Malicious Software Removal Tool as evidence that at least some bits of MS were trying to do the right thing. Lesson learned here is that if it looks too good to be true, it probably is.

Steve Smith

Bought out by MS? 

Pure speculation, of course. Perhaps Microsoft bought the Storm bots to bolster their tragic security reputation? They surely have deeper pockets than random V14gr@ pushers, and they can't have spent $300 million on those damned silly commercials with BillG and Jerry.

I also have a really hard time believing that their "Last Century Tech (TM)" signature-based AV brought down a state of the art botnet.

It'd be the best advertising money they ever spent, IMO.

EJ

Meaningless 

Don't be fooled - one only has to read this story on El Reg's site today to see how meaningless this inactivity is:

http://www.theregister.co.uk/2008/10/16/warezovs_second_coming/

Yasir

Wish_for_more 

Storm spam is over but not the badness behind it... they will come back or get converted into some other botnets.

http://blog.fireeye.com/research/2008/10/storm-just-befo.html

With the fact that Srizbi, Rustock, Pushdo and Storm might be run by the same group of bad guys we might see it coming in other botnet form. Btw, 150,000 zombies as the initial start is not bad for a new botnet ;).