Website to Track Storm Botnet
A website will display a graphical profile of Storm, which started out a year ago as a worm infecting computers and has since developed into a remote-controlled botnet. The website, promoted by Secure Computing, will be devoted to tracking its moves.
StormTracker on TrustedSource.org will display real-time information, bringing together research from sensors installed and maintained in 75 countries.
Dmitri Alperovitch, Director, Intelligence Analysis and Hosted Security at Secure Computing's TrustedSource Labs, said that Storm had assumed the profile of a botnet adept at multiple tasks, such as mailing spam, creating malevolent web pages, and executing phishing attacks, as reported by PCWorld on January 15, 2008.
The network has spread at an amazing speed through machines across the world, and is almost impossible to control, Alperovitch added.
The botnet has used the Storm fast-flux domain since mid-2007 to forward phishing e-mails, according to Derek Manky, Research Engineer at Fortinet, speaking on January 7, 2008, as reported by ComputerWorld on January 9, 2008.
Manky explained that in a fast-flux domain, addresses are registered and deregistered quickly in the address list of a Domain Name System (DNS) server or across the DNS zone. Either way, the IP address of the originating site is hidden behind a constantly changing chain of machines that act on behalf of the original sender. In an extreme case, an address can change every second.
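The rapid address turnover described above is also what makes fast-flux visible to defenders. The following is an added example, not part of the original article: a small heuristic that scores domains from passive DNS samples. The sample records, the `.example` domains, the private-range IPs and all thresholds are constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed passive-DNS samples: (unix_time, domain, A-record IP, TTL seconds).
# Domains use the reserved .example TLD; IPs are private-range placeholders.
OBSERVATIONS = [
    (0,  "flux.example", "10.1.4.7",  5),
    (0,  "flux.example", "10.22.9.3", 5),
    (10, "flux.example", "10.37.1.8", 3),
    (10, "flux.example", "10.54.2.6", 3),
    (20, "flux.example", "10.80.7.1", 4),
    (20, "flux.example", "10.99.3.2", 4),
    (0,  "shop.example", "10.5.0.10", 3600),
    (10, "shop.example", "10.5.0.10", 3600),
]

# Assumed thresholds for this illustration; tune against your own DNS baseline.
MAX_TTL = 300      # fast-flux records expire within minutes or seconds
MIN_IPS = 5        # many distinct hosts answer for one name
MIN_NETWORKS = 3   # spread over unrelated networks (/16 used as a rough proxy)
MIN_CHURN = 0.5    # share of consecutive lookups with a completely new answer set

def profile(observations):
    """Summarise each domain's answer behaviour over the sample window."""
    by_domain = defaultdict(lambda: defaultdict(set))
    ttls = defaultdict(list)
    for ts, domain, ip, ttl in observations:
        by_domain[domain][ts].add(ip)
        ttls[domain].append(ttl)
    report = {}
    for domain, lookups in by_domain.items():
        answers = [lookups[ts] for ts in sorted(lookups)]
        ips = set().union(*answers)
        # Churn: consecutive lookups that share no address at all.
        turns = sum(1 for a, b in zip(answers, answers[1:]) if not a & b)
        report[domain] = {
            "ips": len(ips),
            "networks": len({ip.rsplit(".", 2)[0] for ip in ips}),
            "median_ttl": median(ttls[domain]),
            "churn": turns / max(len(answers) - 1, 1),
        }
    return report

def looks_fast_flux(p):
    return (p["median_ttl"] <= MAX_TTL and p["ips"] >= MIN_IPS
            and p["networks"] >= MIN_NETWORKS and p["churn"] >= MIN_CHURN)

def flagged(observations):
    return sorted(d for d, p in profile(observations).items() if looks_fast_flux(p))
```

Low TTL alone is not enough to flag a domain, since content delivery networks also use short TTLs; the combination with network spread and answer churn is what separates the two in this sketch.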
Research by Secure Computing, based on analysis of the domain name and its registration, points to persons in Russia as the source of the Storm botnet.
The Spamhaus Project reports that Storm attacked twice the number of machines during Christmas 2007, and that the botnet has specifically used phishing sites to target banks in the UK, including Barclays and Halifax.
Investigations further revealed Storm deploying selective security keys during October 2007, leading some to believe that the Storm raiders were preparing to sell access to the botnet. Portions of the network are being leased for sending spam mails, strengthening the surmise that its sheer size and scope are being used for fraud and monetary gain.
» SPAMfighter News - 25-01-2008