Storm Botnet Ebbing, Says UC San Diego Analyst

An Oct. 20 presentation at the ToorCon hacker conference by Brandon Enright, a computer security researcher at the University of California, San Diego, struck a nerve in the CS community by concluding that the notorious Storm Worm could be losing steam.

"The size of the network has been falling pretty rapidly and pretty consistently," Enright told the conference during his presentation, which was titled, "Exposing Storm."

The Storm worm emerged in January as one of the first pieces of malware to use a P2P network for command and control, Enright said in his presentation, "making it one of the most resilient bots ever." The lack of a centralized command and control has made it highly resistant to countermeasures, he said.

Enright said the extent of the Storm network has been unscientifically reported by media outlets as between 1 million and 50 million bots. "Fortunately, most of these estimates are inaccurate or completely wrong," according to his presentation.

Since July, when a concerted e-mail attack infected an estimated 1.5 million PCs, Storm has ebbed somewhat.

Enright ascribed this to aggressive work by anti-virus vendors. In particular, Microsoft Corp.'s addition of Storm detection in September to its Malicious Software Removal Tool put a "measurable dent" in the network, Enright reported.

About the Author

Paul McCloskey is contributing editor of Syllabus.
