Researcher: Storm Worm botnet up for sale

October 15, 2007

A SecureWorks researcher has uncovered evidence that apparently proves the latest Storm variants are geared towards building smaller Storm networks.

Joe Stewart, security researcher for SecureWorks, has found that the latest variants of Storm are using a 40-byte key to encrypt their Overnet peer-to-peer traffic.

“This means that each node will only be able to communicate with nodes that use the same key. This effectively allows the Storm author to segment the Storm botnet into smaller networks,” Stewart wrote in his blog.

Stewart believes that this ongoing segmentation is geared toward selling Storm to other spammers as an ‘end-to-end spam botnet system, complete with fast-flux DNS and hosting capabilities’.

If Storm authors really are selling their Storm networks, we might see a lot more Storm attacks.

However, Stewart disclosed that because of the new encryption scheme, “we can now distinguish this new Storm traffic from ‘legitimate’ Overnet P2P traffic.”

As long as signatures of Storm nodes are identified, network administrators can effectively block Storm traffic through firewall policy configuration, even where that policy normally allows P2P traffic.

With this development, some security efforts should now focus on identifying Storm node signatures to prevent or minimize Storm Worm attacks.
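The segmentation and detection effects described above, as an added sketch that is not from the article or from Stewart's analysis. It assumes a repeating-key XOR cipher and a fixed leading protocol byte (0xE3) on plain Overnet messages, neither of which the article states, and it uses constructed keys and payloads.

```python
from itertools import cycle

# Assumptions (not stated in the article): plain Overnet UDP messages start
# with a fixed protocol byte, and the 40-byte key is applied as repeating XOR.
OVERNET_MAGIC = 0xE3
KEY_LEN = 40

# Constructed keys for two hypothetical segments; not real Storm keys.
KEY_A = bytes(range(1, 1 + KEY_LEN))
KEY_B = bytes(range(101, 101 + KEY_LEN))

def xor_crypt(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def node_accepts(packet: bytes, key: bytes) -> bool:
    """A node decrypts with its own key and drops anything malformed."""
    plain = xor_crypt(packet, key)
    return len(plain) >= 2 and plain[0] == OVERNET_MAGIC

def wire_prefix(key: bytes) -> int:
    """With a static key, every packet of a segment starts with this byte."""
    return OVERNET_MAGIC ^ key[0]

def classify(payload: bytes, segment_keys: dict) -> str:
    """Label a UDP payload: plain Overnet, a known keyed segment, or unknown.
    A one-byte check is weak; a production signature would match more structure."""
    if len(payload) >= 2 and payload[0] == OVERNET_MAGIC:
        return "plain-overnet"
    for name, key in segment_keys.items():
        if node_accepts(payload, key):
            return name
    return "unknown"

if __name__ == "__main__":
    msg = bytes([OVERNET_MAGIC, 0x00]) + b"constructed body"  # constructed message
    keys = {"segment-a": KEY_A, "segment-b": KEY_B}
    for label, pkt in [("plain", msg), ("A", xor_crypt(msg, KEY_A)),
                       ("B", xor_crypt(msg, KEY_B)), ("noise", b"\x00\x01\x02")]:
        print(label, hex(pkt[0]), classify(pkt, keys))
```

A packet encrypted under one key fails the other segment's well-formedness check, which is the segmentation effect, and its constant leading byte differs from the plain protocol byte, which is what makes it separable from ordinary Overnet traffic.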
