Storm botnet

Storm Botnet
Technical name
The typical lifecycle of spam that originates from a botnet:
(1) Spammer's web site (2) Spammer (3) Spamware (4) Infected computers (5) Virus or trojan (6) Mail servers (7) Users (8) Web traffic
Alias: Dorf, Ecard
Origin: Russia
Authors: Russian Business Network (speculated)
Technical details
Platform: Windows 95, Windows 98, Windows ME, Windows XP

The Storm botnet or Storm Worm botnet (also known as Dorf botnet and Ecard malware[1]) was a remotely controlled network of "zombie" computers (or "botnet") that had been linked by the Storm Worm, a Trojan horse spread through e-mail spam. At its height in September 2007, the Storm botnet was running on anywhere from 1 million to 50 million computer systems,[2][3] and accounted for 8% of all malware on Microsoft Windows computers.[4] It was first identified around January 2007, having been distributed by e-mail with subjects such as "230 dead as storm batters Europe," which gave it its well-known name. The botnet began to decline in late 2007, and by mid-2008 had been reduced to infecting about 85,000 computers, far fewer than it had infected a year earlier.[5]

As of December 2012, the original creators of Storm have not been found. The Storm botnet displayed defensive behaviors indicating that its controllers were actively protecting it against attempts at tracking and disabling it, specifically by attacking the online operations of some security vendors and researchers who had attempted to investigate it.[6] Security expert Joe Stewart revealed that in late 2007 the operators of the botnet began to further decentralize their operations, possibly as part of plans to sell portions of the Storm botnet to other operators. It was reportedly powerful enough to force entire countries off the Internet, and was estimated to be capable of executing more instructions per second than some of the world's top supercomputers.[7] The United States Federal Bureau of Investigation considered the botnet a major risk for increased bank fraud, identity theft, and other cybercrimes.[8][9]

  1. Lisa Vaas (2007-10-24). "Storm Worm Botnet Lobotomizing Anti-Virus Programs". eWeek. Retrieved 4 July 2015.
  2. Spiess, Kevin (September 7, 2007). "Worm 'Storm' gathers strength". Neoseeker. Retrieved 2007-10-10.
  3. "Storm Worm's virulence may change tactics". British Computer Society. August 2, 2007. Archived from the original on October 12, 2007. Retrieved 2007-10-10.
  4. Dvorsky, George (September 24, 2007). "Storm Botnet storms the Net". Institute for Ethics and Emerging Technologies. Retrieved 2007-10-10.
  5. Keizer, Gregg (9 April 2008). "Top botnets control 1M hijacked computers". Computer World. Retrieved 24 December 2012.
  6. Leyden, John (September 25, 2007). "Storm Worm retaliates against security researchers". The Register. Retrieved 2007-10-25.
  7. Gaudin, Sharon (September 18, 2007). "Storm Worm Botnet Attacks Anti-Spam Firms". InformationWeek. Retrieved 2007-10-10.
  8. Fisher, Dennis (2007-10-22). "Experts predict Storm Trojan's reign to continue". Search Security. Archived from the original on 2007-12-17. Retrieved 2007-12-26.
  9. Coca, Rick (2007-12-18). "FBI: 'Botnets' threaten online security". Inside Bay Area. Retrieved 2007-12-27.