Sale of Storm Botnet could Result in More Worms
The malicious Storm Worm created botnet, which has caused immense misery for the world's IT community, is apparently placed for sale.
Storm infected PCs during last week employ a key of 40-byte to encrypt Overnet traffic, according to senior researcher Joe Stewart for SecureWorks, the firm that provides security software and services. Overnet is a P2P (Peer-to-Peer) protocol that is used to connect individual bots to other compromised PCs. Channel Register reported this on October 15, 2007.
The Storm botnet contains computers between 250,000 to one million, according to Stewart's estimate. The change relating to the encryption technique divides the botnet into smaller segments so that each node in the resultant networks knows what password to use to decrypt traffic sent through Overnet.
Stewart believes the system could be a way to make the spam botnet an 'end to end' system by selling it to other interested spammers. And this new set up would be complete with hosting capabilities and fast flux DNS. If that happens, then the future will have a lot more Storm, Stewart wrote. SecureWorks reported this on October 15, 2007.
Storm entered the Internet in January 2007 with a flood of e-mails giving news about a storm that plundered Northern Europe. A number of the e-mail recipients got their computers infected with a Trojan that added their machines to a botnet. Cyber criminals used that botnet to spam mails and launch 'Distributed Denial of Service (DDoS)' attacks, which flooded the servers with so much data that they became unmanageable.
Ever since Storm was introduced, there have been incidents of attacks in constantly changing forms. These included spoof e-greeting card messages, pump and dump stock scam, and e-mails that offer romantic feelings or racy pictures. The Storm botnet that operates using a peer-to-peer technology is difficult to eradicate with the help of traditional techniques that are only effective for a network having a central control and command server.
Some ideal estimates based on outcomes from the use of Microsoft's malware removal tool indicate that the Storm Worm could have infected between 1 and 10 Million PCs around the world.
Related article: Sale of Hacking Toolkits Enable Novices to Enter Cybercrime
» SPAMfighter News - 30-10-2007