ATLANTA -- SecureWorks, the largest managed information security services provider safeguarding 1,800 clients and more financial institutions than any other vendor, announced today that it has seen an onslaught of Storm Worm attacks in the last two months. From the first of January to the end of May, we only saw 71,342 Storm attacks, said Joe Stewart, Senior Security Researcher for SecureWorks. However, since June we have blocked 20,200,101 Storm attacks.
The number of unique, infected hosts (bots), from which the attack is being launched by email, has also increased dramatically, said Stewart. They went from 2,815 in the beginning of 2007 through the end of May to a total of 1.7 million for the months of June and July.
Storm Botnet Might Be Used for Attacks
Storm has historically been used for spam but the hacker, controlling the trojan, has amassed so many infected hosts in the botnet that its network can easily support activities other than spamming, said Stewart. We dont know the motive of the Storm author; however one possible theory could be that the hacker plans to use the trojan for more malicious activity than sending spam. It could be that the hacker is rapidly building up the botnet so it can be leased to other hackers so that they can launch massive attacks against whatever target they choose: an organization, country, etc. More than ever, it is critical that organizations and home computer users put protections in place to block the Storm Worm trojan.
How to Protect Against the Storm Trojan
For corporate computer users, as well as home computer users, the best defense is to be aware of the scams connected to the Storm trojan, which include emails containing links leading to fake e-Cards from family members and friends, news stories highlighting catastrophic events, etc.
The Storm trojan relies on social engineering as its best ally so it is really important that computer users keep their guard up and be suspicious of any unsolicited email containing an attachment or a link, continued Stewart. Even if it mentions something you are familiar with or promises some sort of critical data, always check with the sender to see what it is and why they sent it.
Another way computer users can protect themselves from the Storm trojan is to block peer-to-peer networking. When the Storm trojan runs, it attempts to link up with other infected hosts via peer-to-peer networking, said Stewart. If that function is blocked, then the users computer cannot become a part of the Storm botnet.
In order to fully protect ones corporate computer users from these threats, organizations must engage an in-house security team or a managed security services firm. These teams employ experts who can track and block threats coming in via email, the web or instant messaging based on their wider view of Internet traffic and their expertise in these kinds of scams.