Home / Blogs

How Big is the Storm Botnet?

John Levine

The Storm worm has gotten a lot of press this year, with a lot of the coverage tending toward the apocalyptic. There's no question that it's one of the most successful pieces of malware to date, but just how successful is it?

Last weekend, Brandon Enright of UC San Diego gave a informal talk at the Toorcon conference in which he reported on his analysis of the Storm botnet. According to his quite informative slides, Storm has evolved quite a lot over the past year, with both upgrades to the underlying engine and a variety of applications, most of which involve sending spam. (If you've gotten pump and dump spam with the message in an MP3 audio file, that's Storm's latest campaign.)

Enright says that although Storm's peer-to-peer control structure makes it harder to map than centrally controlled botnets, its P2P design is relatively simple, and is similar enough to the eDonkey network that he could adapt tools designed for eDonkey to map Storm. While it's never possible to find the exact size of a P2P network since nodes are constantly going on and off line, his statistics suggest that Storm consists of hundreds of thousands of nodes, not millions. While that's a lot, it's in the same range as other botnets. What really sets Storm apart is its operators' skillful social engineering that constantly comes up with new tricks to get people to click on links that infect their Windows PCs.

The slides are somewhat technical but easy enough to follow, and are worth a look.

By John Levine, Author, Consultant & Speaker. More blog posts from John Levine can also be read here.

Related topics: Malware, P2P, Security, Spam, Telecom

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Is Your TLD Threat Mitigation Strategy up to Scratch?

i2Coalition to Host First Ever Smarter Internet Forum

Encrypting Inbound and Outbound Email Connections with PowerMTA

Resilient Cybersecurity: Dealing with On-Premise, Cloud-Based and Hybrid Security Complexities

Verisign Releases Q4 2015 DDoS Trends - DDoS Attack Activity Increasing by 85% Year Over Year

Best Practices from Verizon - Proactively Mitigating Emerging Fraudulent Activities

Sponsored Topics

Verisign

Security

Sponsored by
Verisign
Afilias

DNS Security

Sponsored by
Afilias
Port25

Email

Sponsored by
Port25
Afilias - Mobile & Web Services

Mobile

Sponsored by
Afilias - Mobile & Web Services