Security watchers Marshal claim the infamous Storm botnet is no more, after waning spam emails finally dried up altogether last month. Other security researchers have noted a similar decline, but warn that while the botnet is currently inactive it may yet return, possibly in a more potent form.
Storm front
The malware used to …
They utilised every social engineering trick in the book and invented quite a few of their own...
"They utilised every social engineering trick in the book and invented quite a few of their own"
So you're saying Facebook is actually one massive botnet? Damn, that's a lot of computers infected.
May be dead, but
The Storm botnet may be dead, but **something** is sending out an awful lot of .exe files in .zip-compressed attachments from forged addresses.
The open question
"I think the question isn't 'is Storm dead', but more like when will we see it return and what new features or tactics will it have in store for us."
Yeah for me this is the open question as well. Even if the original users of the Storm worm don't intend to use it any more, I wonder if someone won't crack the command and control and use it themselves... I assume it's still a fairly large botnet after all.
Shoulder pork and ham
Funnily enough my Yahoo inbox spam has dried up in the past month or so. I used to get 150 a day! Now I'm getting about 5.
Nice work on cleaning it up. I guess the lesson learned here for the criminals in question is to target Apple next time around. Plenty of users there and Apple has shown a disdain for updating against known security threats.
Closed for upgrade
So long, Storm...
You will not be missed.
I'd worry that they've simply cloaked it
If something seems too good to be true, it probably is too good to be true. The people behind Storm showed a huge leap in innovation. I'd be worried they made another such leap, and have figured out how to fly below all the security researchers' radars.
Words of Wisdom
"It may stop, but it never ends." - Matt Howarth
No truer words have ever been spoken, especially when it comes to spam. I hope I'm proven wrong, but this is probably just the calm before another (more massive) storm.
Spam is like buses - nothing for a while then several come along together.
So, it wasn't an increase in increasing length/girth/stamina recently but a drop in other stuff being sent.
I had noticed a drop in the 'e greetings' I was being sent but there are still a few out there.
We're just waiting for it to be reconfigured for the next natural disaster and there's no point in spamming wondershares at the moment 'cos no-one's got any money anyway.
Will it be spam being sent from all our graphics processors next? Got to be some use for all that spare processing while folks are lost in Facebook.
Re: flying below the radar
I've noticed a marked drop in spam mail across all of my accounts as well. If you call that flying below the radar, well then they can fly all they want, I don't mind.
What you might mean to say is that a new Storm II is quietly replicating itself without activating, extending its footprint and keeping mum until the day it unleashes a hurricane of spam and all security centers are drowned in data.
Now that would worry me if only for the ungodly amount of spam I'd be getting across 7 accounts.
I hope that is not what you meant.
".....274,372 Windows PCs were cleaned up using its tool during the first month alone."
And how do they know? Just once could MS do the decent thing and provide their bloody utilities without succumbing to the temptation to build in a "phone home" feature?
I'd always thought of the Malicious Software Removal Tool as evidence that at least some bits of MS were trying to do the right thing. Lesson learned here is that if it looks too good to be true, it probably is.
Bought out by MS?
Pure speculation, of course. Perhaps Microsoft bought the Storm bots to bolster their tragic security reputation? They surely have deeper pockets than random V14gr@ pushers, and they can't have spent $300 million on those damned silly commercials with BillG and Jerry.
I also have a really hard time believing that their "Last Century Tech (TM)" signature-based AV brought down a state of the art botnet.
It'd be the best advertising money they ever spent, IMO.
Don't be fooled - one only has to read this story on El Reg's site today to see how meaningless this inactivity is:
Storm spam is over but not the badness behind it... they will come back or get converted into some other botnets.
With the fact that Srizbi, Rustock, Pushdo and Storm might be run by the same group of bad guys we might see it coming in other botnet form. Btw, 150,000 zombies as the initial start is not bad for a new botnet ;).