Stormy Weather: a quantitative assessment of the Storm web threat in 2007

Raimund Genes, Anthony Arrott and David Sancho, Trend Micro

The mixed web threat known as Storm is widely acknowledged as the most significant digital security event of 2007. Storm combined the global epidemic aspects of traditional viruses and worms with the stealth and economic activity of today's massive botnets.

Historically, malware outbreaks have been fast-spreading, single-purposed and soon over. Storm continued to spread for many months in successive bursts using different techniques. It sustained its potency by recruiting hundreds of thousands of infected computers into a gigantic botnet. Its purpose appears to be a service-for-hire for multiple fraudulent web activities.

The many months over which the Storm infection spread, and its successive methods of attack, provide far more data to threat researchers than past virus and worm outbreaks. Studying the development of the Storm botnet has been compared to watching an ant colony grow, whereas studying a traditional virus outbreak is more like studying a bomb explosion.

Conditions before the initial appearance of the Storm worm in January 2007 are compared with measurements made during the various stages of Storm's evolution throughout 2007. Storm provides a first opportunity for quantitative analysis of what may prove to be a new generation of intensive malware outbreaks.

