Wednesday, June 25, 2008

Storm botnet takes advantage of Valentine's Day

Storm botnet takes advantage of Valentine's Day | 21 Feb 2008 | ComputerWeekly.com


Author: Ian Grant
Posted: 17:17 21 Feb 2008


Just over a year since it was first detected, Storm, the blended malware attack, looks like becoming a major vehicle for criminals, say malware researchers.

After months of relative dormancy, traffic generated by the Storm botnet ramped up just before Valentine's Day to peak at between 4% and 5% of internet traffic, said researchers at e-mail hosting service MessageLabs, and security supplier Kaspersky Labs.

Dan Hubbard, vice-president of security research at Websense, said most Storm traffic in the past month was phishing messages. The messages tried to lure recipients into opening e-mails with subject lines such as Love Rose, Just You, I Love You, Lovetrain, My Heart, Poem About Us, Sweetest Things Aren't Things!, Valentine Day and Valentine Dad.

The e-mails contained links that apparently went to a Valentine e-card or song that the supposed beloved had chosen. Clicking on the link may well have delivered a card or song, but it also installed malware on the user's PC to capture keystrokes, load viruses, copy and transmit or delete files, and enrol the PC as part of Storm's botnet.

Storm uses social engineering techniques - typically temptation and falsely based trust in unsolicited e-mail messages - to lure people to infectious websites. Once a visiting PC is infected, the code hides itself on the user's PC. Using a variety of methods it then goes on to infect and remember other PCs, thus setting up a peer-to-peer botnet.

Each infected PC carries the entire Storm malcode. This means there is no central "mothership" to detect and keep off the internet. Once the botnet is set up, the owners can seed infected PCs with a malcode program to capture keystrokes, copy, transmit or delete files.

Botnets can be hired by anybody.

Several researchers suggested this Valentine's Day was the first example of botnets being hired by criminals on a large scale. In effect, Storm is becoming the virtual internet service provider for the criminal class, they say.

According to Hubbard, Storm's success rate has been remarkable: around one in three messages resulted in an infection, making it attractive to criminals.

Graham Cluley, senior technology consultant at Sophos, an IT security company, said Storm's owners are now showing less care in coding, despite the huge number of variations they have brought out. This was a symptom of Storm's maturity as a product. "It is almost as if they always have another version in the pipeline. It is now about driving cost down and getting the job done," he said.

Cluley said what distinguished Storm was the "ferocity" with which its developers have combined different techniques to make Storm a means to make money. They do this by renting it to criminals who sell pornography or counterfeit products, extort money from banks and gambling companies whose websites they block, and who steal personal details to commit fraud, among others.

Almost all the Storm traffic comes from as many as a million home PCs connected to broadband networks, researchers said. The chances of cleansing them all are remote. That means Storm may have become pervasive, said Mark Murtagh, technical director of Websense.

Its pervasiveness, its persistence, its technology and its management make Storm impossible to defeat purely with technology, researchers say. Because Storm depends on people clicking to connect to an insecure website, users will have to stop doing that, and law enforcement and police have to trace and arrest the Storm gang, they say.

But there is no globally enforceable legal injunction against developing products such as Storm, Murtagh said. "We have to hope that the criminals break some other law connected to pornography, paedophilia, counterfeiting or gambling so that the police can act."

Researchers note that Storm's owners "have a life" outside computers. All Storm attacks to date have related to social events such as Valentine's Day, New Year, and news. "The Olympics promises to be huge (for Storm)," said Hubbard. Then there's Easter, the US election, and ad hoc news events.

So far, the attacks have related to Western social events, and English in particular. But as home computer populations grow in India, China and Eastern Europe, Storm is likely to find fresh markets.

Corporate networks, which are better defended than home PCs, contribute relatively little Storm traffic. That does not mean chief information security officers can sleep easy. Any staff member who uses a home PC for work could inadvertently introduce the malware to the company. The company still needs to protect both entrance and exit points on its networks, and staff and their family need to practise safe surfing.
