New Storm worm may not last long

The new variant is based on old code but does not appear to be as robust

Jeremy Kirk (IDG News Service)
29 April, 2010 00:55
Comments

A new variant of the Storm worm has emerged, but it does not appear to be as well-designed as its older relative, according to computer security researchers.

The Storm worm first appeared in early 2007 and spread quickly, making it one of the most prolific and widespread worms ever. Once it infected people's computers, the worm sent million upon millions of spam messages.

The Shadowserver Foundation, which tracks botnets, first received a sample of the new version of the worm on April 13, said Steven Adair, via instant message.

The worm was then reverse-engineered by the Honeypot Project, which studies threats on the Internet. The new worm was found to be based on the old code, but some of the elements that made Storm difficult to disrupt were gone, according to a blog post from the organization.

The new Storm doesn't communicate using a peer-to-peer system, a decentralized way to have computers infected with the code communicate with each other and receive new spam instructions. That may be because researchers have been effective in disrupting peer-to-peer botnets, Adair said.

The new Storm communicates via HTTP traffic, but it is programmed to receive instructions from one IP (Internet Protocol) address hosted by a server in the Netherlands. The ISP hosting that server has been contacted, Adair said.

Since it is receiving instructions from just one IP address, it means the new Storm may not last that long, Adair said. It is also not employing fast flux, which allows an administrator to quickly point a domain name to a new IP address, making it harder to shut down.

The new Storm "doesn't seem as resilient as the older version," Adair said.

It's not known how many computers may be infected with the new Storm. Computers are believed to be getting infected through drive-by downloads, where a Web site attacks a user's computer looking for software vulnerabilities in order to deliver malicious software.

Adair said those Web sites delivering Storm via Neosploit, a toolkit used to attack a computer several different ways.

The worm is sending out pharmaceutical, adult dating and celebrity-related spam messages, wrote Ricardo Robielos III, a research engineer with CA. He wrote it was sending out a "massive" volume of spam to targeted recipients.

Nominations for the 2012 ARN IT Industry Awards open on Tuesday, June 12.

Bookmark this page
Share this article
- facebook
- slashdot
- digg
- Reddit
- stumbleupon
- linkedin
- twitter
Got more on this story? Email ARN
Follow ARN on twitter

More about: CA Technologies

References show all

Comments

Post new comment

Share
Share this article
- google+
- facebook facebook
- slashdot slashdot
- digg digg
- Reddit Reddit
- stumbleupon stumbleupon
- linkedin linkedin
- twitter twitter
print
email
Bookmark

Related Coverage

Related Whitepapers

Latest Stories

Community Comments

"I would not recommend Aranez iPad case or the manufacturer. I purchased ..."

PRODUCTS: Aranez announces K-Leather iPad 2 case
"Slt peut tu expliquer comment intaller ou mettre en place le mteur ..."

Italian mathematician prepares to challenge Google
""Amsellem said Facebook, flush with cash from its recent IPO, could purchase ..."

Facebook could buy Nokia to build 'FacePhone', expert claims
"Anxiety is a normal part of life but when it becomes excessive ..."

It's not all Doom at new media conference
"This article touches on some of the points of Cloud security. Seems ..."

Tech Watch: Who watches the datacentre?

Tags: botnets, security, storm worm

ARN Directory | Distributors relevant to this article

Aquion , Express Data , Leader Computers , Topstar Computer International

ARN Directory | Vendors relevant to this article

Most Read

Get exclusive access to ARN's news, research and invitation only events.

Latest Jobs

FTQM Trainer and ConsultantNSW
FTSAP Basis ConsultantNSW
FTSales Account ManagerNSW
FTSales Account ManagerNSW
CCSAP FICO ConsultantNT
CCOBIEE ConsultantWA
CCSAP PM ConsultantNSW
FTIT Account Manager - System Integrator - Career Progression - Start ImmediatelyNSW
FTSAP Basis ConsultantACT
FTChange Management ProfessionalsNSW
CCAPAC Campaign ManagerNSW

Most Commented

ARN Distributor Directory

Find distributors by name | vendor | location

Channel Deals

Transition Systems Australia

Polycom

More details »

ARN Vendor Directory

Find vendors by name | category

iAsset is a channel management ecosystem that automates all major aspects of the entire sales,marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Featured Resources

Red Light In the Control Centre Saves Hours of Chaos

First Focus’ core business is supporting customers’ networks, technical infrastructure and staff. While technical emphasis is on Microsoft server and workstation environments, many clients also run hybrid Mac, Linux and Unix environments, and First Focus has significant expertise in seamlessly integrating these technologies with Microsoft-based networks.

Most Popular Resource Papers

Market Potential-Strategy Guide to the Active Archive Market

The active archive market is a growing segment where tape is seen as part of a disk or network fileystem. This means that to an end user disk and tape are “blended” and whether file is held on disk or tape is “invisible” to the end user. The active archive market is the fastest growing space in the storage industry and allows direct end user access to tape through a file system front end.

Popular tags: Business Management, Security, Data Centre, Storage, Master Data Management