Adware - Spyware : 1.7 million zombies made by Storm worm. The e-greetings worm.
Posted by Max on 2007/8/9 2:01:11 (1549 reads)

The botnet built by Storm worm has increased dramatically to include 1.7 million zombies (infected computers) according to security services provider SecureWorks, who state that although the network has so far been primarily used to send spam, it could also be used for DDoS attacks on businesses or even countries.

According to security researcher Joe Stewart, between January and May of this year SecureWorks saw over 71,000 attacks involving the Storm worm. Since June, however, the company has prevented more than 20,000,000 attacks.

There has also been a dramatic increase in the number of infected computers from which e-mail attacks were sent. Whereas from the start of the year to the end of May just under 3000 computers were infected, in June and July, the number of drones increased to 1.7 million. SecureWorks speculates that the botnet operator has built such a large network in order to be able to hire it out to other hackers or perform attacks.

McAfee has attributed the enormous increase in the number of infected computers to social engineering tactics used by malware authors, who, for instance, have sent out apparent greetings card e-mails with infected attachments or links to websites carrying the malware. Antivirus software vendors are working on the assumption that the Storm worm botnet is behind recent spam e-mail carrying a RAR archive containing a text file as an attachment.

According to McAfee, current versions of the malware use unusual tactics to gain a foothold within systems. Rather than simply implanting themselves in the registry using startup entries, the current versions infect the tcpip.sys file and append code for loading the malware to the driver. McAfee talks of an increasing trend of malware using this kind of file infection mechanism to get loaded after a reboot.

To protect against the worm, SecureWorks recommends exercising caution with e-mails claiming to contain greetings cards or warnings of impending catastrophes, either as attachments or as links. Users should also block peer-to-peer traffic, as the Storm worm connects to other botnet drones using the eDonkey protocol.

SecureWorks does not, however, provide any instructions on how this can be done. The eDonkey protocol is not limited to specific network ports. Additional tips on dealing with e-mails safely and on protection from malware infection can be found on heise Security's anti-virus web pages.
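
Because the protocol is not tied to fixed ports, a port blocklist will not find it; one alternative is to look for peer fan-out in flow records. The sketch below is an added example, not code from the article or from SecureWorks, and its record layout, internal address range, ignored ports and thresholds are all assumptions to be tuned per network.

```python
"""Flag internal hosts whose outbound traffic looks like P2P peer fan-out."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/8")  # assumption: the site's internal range
MIN_PEERS = 30                       # assumption: distinct external peers
MIN_PORTS = 15                       # assumption: distinct destination ports
WELL_KNOWN = {53, 80, 123, 443}      # assumption: ordinary client traffic, ignored


def p2p_suspects(flows, min_peers=MIN_PEERS, min_ports=MIN_PORTS):
    """Return {src: (peer_count, port_count)} for hosts over both thresholds.

    flows: iterable of (src_ip, dst_ip, proto, dst_port) tuples.
    """
    peers = defaultdict(set)
    ports = defaultdict(set)
    for src, dst, proto, dport in flows:
        if ip_address(src) not in INTERNAL or ip_address(dst) in INTERNAL:
            continue  # only internal -> external flows are of interest
        if dport in WELL_KNOWN:
            continue
        peers[src].add(dst)
        ports[src].add((proto, dport))
    return {s: (len(peers[s]), len(ports[s])) for s in peers
            if len(peers[s]) >= min_peers and len(ports[s]) >= min_ports}


def sample_flows():
    """Constructed flow records for the demonstration, not captured traffic."""
    flows = []
    # Host A: a new peer per flow on scattered high UDP ports (P2P-like).
    for i in range(40):
        flows.append(("10.0.0.23", f"198.51.100.{i + 1}", "udp", 4000 + 137 * i))
    # Host B: ordinary client, mostly HTTPS and DNS plus a few high ports.
    for i in range(40):
        flows.append(("10.0.0.5", f"203.0.113.{i + 1}", "tcp", 443))
    flows += [("10.0.0.5", "192.0.2.53", "udp", 53)] * 20
    flows += [("10.0.0.5", "203.0.113.200", "tcp", 8080 + i) for i in range(3)]
    # Host C: internal-only chatter, which must be ignored.
    flows += [("10.0.0.9", f"10.0.1.{i + 1}", "udp", 5000 + i) for i in range(50)]
    return flows


if __name__ == "__main__":
    for host, (n_peers, n_ports) in p2p_suspects(sample_flows()).items():
        print(f"{host}: {n_peers} external peers on {n_ports} distinct ports")
```

Legitimate P2P or VoIP clients can trip the same thresholds, so a hit is a lead for investigation rather than proof of infection.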



