MSMVPS.COM

The Ultimate Destination for Blogs by Current and Former Microsoft Most Valuable Professionals.

Harry Waldron - Microsoft MVP Blog

Security News and Best Practices for corporate and home users

New and Improved Storm Worm botnet coming in 2008

While Microsoft's MSRT facilities have cleaned hundreds of thousands of copies found on client PCs, the Storm Worm botnet continues to launch new attacks (thankfully with fewer copies, given its diminished size).

Still, malware innovations that weaken spam and AV detection controls continue for this highly advanced attack. A high degree of security is built into the botnet (e.g., fast-flux servers and DDoS traps), which makes it difficult to locate the master servers and the malware authors themselves. All new developments for the Storm Worm are important to follow during 2008.

New and Improved Storm Worm botnet coming in 2008
http://rbnexploit.blogspot.com/2007/12/rbn-new-and-improved-storm-botnet-for.html

QUOTE: Obviously the Russian Business Network (RBN) is working overtime during the Christmas and New Year holiday, no doubt planning for many in the ISP security and anti-spam arena to be on skeleton staff.

The key objective for the Russian Business Network (RBN) is to rebuild the Storm Botnet which is shown in various reports over the last few months, from a few million enslaved PCs to more recently a few 100,000’s. One can only further guess as to what the RBN’s main goal is to use a rebuilt Storm Botnet for, e.g. earlier DDOS (Denial of Service attack) on Estonia.

There are some interesting elements which make this new attack innovative:

-- Although much of that detected is conventional spam, however there is also a large amount of spam which is getting through many anti-spam defenses due to the use of “fake” BlogSpot (Blogger) links

-- Although most have identified as the Zhelatin Storm email worm or variant, it is also as the more recent fake codec downloads, dependent upon where the unfortunate user has come from. This now shows a “polymorphic” format, i.e. the virus or exploit has the ability to alter its signature in an attempt to combat anti-virus tools.

-- The fast-flux technique used to avoid detection in this case is actually “double-flux” characterized by multiple nodes within the network registering and de-registering their addresses. It is also safe to say this newer Storm Network now also has improved defense mechanisms, if examined too closely.

More information related to the most recent Christmas and New Year's e-card attacks can be found here:

Dec 31 2007, 04:36 PM by Harry Waldron
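The "double-flux" behaviour mentioned in the quoted passage, where both the content hosts and the name servers keep changing address, can be looked for from the defender's side in passive-DNS data. The Python below is an added example, not code from this post or the quoted report; the thresholds, the /16 grouping, the row layout and every name and address in it are constructed assumptions.

```python
from ipaddress import ip_address

# Illustrative thresholds (assumptions; tune against your own DNS baseline).
MIN_IPS, MIN_NETS, MAX_TTL = 5, 3, 300

def fluxing(name, obs):
    """True if `name` had many short-TTL A records spread over unrelated networks."""
    rows = [(val, ttl) for _, n, rtype, val, ttl in obs if n == name and rtype == "A"]
    if not rows:
        return False
    ips = {val for val, _ in rows}
    nets = {int(ip_address(ip)) >> 16 for ip in ips}  # coarse /16 grouping
    return (len(ips) >= MIN_IPS and len(nets) >= MIN_NETS
            and max(ttl for _, ttl in rows) <= MAX_TTL)

def classify(domain, obs):
    """Label a domain from passive-DNS rows (ts, name, rtype, value, ttl)."""
    ns_hosts = {val for _, n, rtype, val, _ in obs if n == domain and rtype == "NS"}
    host_flux = fluxing(domain, obs)
    ns_flux = any(fluxing(h, obs) for h in ns_hosts)
    if host_flux and ns_flux:
        return "double-flux"   # content hosts and name servers both rotate
    if host_flux:
        return "single-flux"   # only the A records of the domain rotate
    return "ns-flux" if ns_flux else "stable"

def sample_observations():
    """Constructed rows using documentation address ranges and .example names."""
    pool = ["192.0.2.10", "198.51.100.4", "203.0.113.9",
            "192.0.2.77", "198.51.100.200", "203.0.113.150"]
    obs = [(0, "cards.example", "NS", "ns1.cards.example", 180),
           (0, "single.example", "NS", "ns1.single.example", 86400),
           (0, "ns1.single.example", "A", "192.0.2.53", 86400),
           (0, "shop.example", "NS", "ns1.shop.example", 86400),
           (0, "ns1.shop.example", "A", "198.51.100.53", 86400),
           (0, "shop.example", "A", "203.0.113.80", 3600)]
    for i, ip in enumerate(pool):
        ts = i * 180
        obs.append((ts, "cards.example", "A", ip, 180))
        obs.append((ts, "ns1.cards.example", "A", pool[-1 - i], 180))
        obs.append((ts, "single.example", "A", ip, 180))
    return obs

if __name__ == "__main__":
    rows = sample_observations()
    for d in ("cards.example", "single.example", "shop.example"):
        print(d, classify(d, rows))
```

Legitimate load-balanced services also use short TTLs and several addresses, so a hit from this heuristic is a lead for review rather than a verdict.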

Comments

 

Windows Vista News said:

Did you see this post at msmvps.com

December 31, 2007 12:00 PM
 


turkeydance said:

ok. here's my bet. the Internet dies in 2008.

or dies "enough" to scare away 80% of users.

there's a site allowing one to gamble on the death

of famous people. i bet on the Internet.

January 2, 2008 5:46 PM
