New And Improved Storm Botnet Morphing MalwareWaledac (which was previously known as Storm) is once again spewing gads of Valentine's Day spam and malware.
Waledac (which was previously known as Storm) is once again spewing gads of Valentine's Day spam and malware.The Storm botnet, which was previously declared dead, is back. Less than a month ago, I wrote this based on research from SecureWorks:
According to a research note published by managed security services provider SecureWorks -- the Storm botnet's death last summer resulted from a combination of punches it couldn't recover: First, a number of security researchers uncovered ways to break the encryption schemes used by the bot-masters to secure their command and control functions. Yet, because the worm utilized peer-to-peer networking, it wasn't possible to totally eradicate the network this way. However, writes Joe Stewart, director of malware research at SecureWorks, the number of bot infections was hit hard -- at least cut by hundreds of thousands -- by Microsoft's MSRT (Malicious Software Removal Tool). "Storm's numbers continued to fall off over the course of 2008, before it was apparently abandoned in September," wrote Stewart.
Not so fast, as Dark Reading reports today:
Waledac -- the new and improved Storm -- is using its favorite holiday, Valentine's Day, to spread the love with signature phony greeting cards and romance-themed e-mail that Storm so infamously spread in the past. "Over the last 24 hours, we've seen over 1,000 new variants [of Waledac code]," says Pierre-Marc Bureau, a senior researcher with Eset, which expects Waledac to eventually pump out thousands of variants a day. "It was a bit lower than what we are expecting. It may not have reached many of our clients yet." That said, it's still a big jump from the around 10 new versions a day Eset had seen the botnet creating, he adds.
However, SecureWorks researcher Joe Stewart disagrees that Waledac is Storm reincarnated:
Joe Stewart, director of malware research for SecureWorks, says Storm and Waledac are completely different when it comes to code and files. "It's definitely not the same programmers," he says.
Perhaps so. But who is programming and commanding this botnet, and whether or not they're the same as those who were previously commandeering Storm isn't what is important. What is important is that botnets are a long way from being exterminated -- and that we need more proactive ways of not only detecting them: but crushing them before they can rise to a level where they can do substantial damage.