Storm botnet evolution hints at spam and DDoS renting
Latest change in tactics could mean zombie clusters for hire.
The latest twist in the long-running 'Storm' saga, the use of encryption in communications between infected hosts and command-and-control systems, has led to widespread speculation that the ever-growing botnet being built up by the criminals behind the attack is being split into segments in preparation for renting out as a spam or DDoS tool.

A blog entry by a researcher at SecureWorks, describing the use of encrypted traffic in the Overnet/eDonkey P2P protocol used by the latest waves of trojans, suggests that the segmented network would be a formidable weapon for hire, with a full range of functionality and self-defence mechanisms.
While there have been some suggestions that the latest changes make the Storm traffic easier to distinguish from legitimate data - largely unnecessary as the official eDonkey system was shut down last year after copyright violation issues - the possibility of a major, well-designed botnet with potentially hundreds of thousands of infected hosts could pose a threat to sites vulnerable to DDoS and has the potential to produce vast amounts of spam.
The SecureWorks blog entry on the encrypted P2P traffic is here and further coverage is here (at ZDNet) and here (at The Register).
17 October 2007
ARF published as IETF standard
Abuse report format helps auto-handling of email complaints
02 September 2010
Microsoft releases new fix for DLL vulnerability
Earlier workaround believed to be too complex for most users.
01 September 2010
Malicious tweets link to fake TweetDeck update
Twitter resets passwords for accounts that appear to have been hacked.
01 September 2010
94% of Internet users befriend unknown 'good-looking woman'
Sensitiva data shared after two-hour chat. (1 comment)
31 August 2010
Investment boost for Quick Heal
Indian security firm gets hefty cash injection.
27 August 2010

Quick Links
![]() |
Poll
When do you install software updates?Leave a comment
View 12 comments

2 hours ago
6 hours ago
VB100 certification
With another epic haul of 54 products to test this month, the VB test team could
have done without the bad behaviour of a number of products: terrible product
design, lack of accountability for activities, blatant false alarms in major
software, numerous problems detecting the WildList set, and some horrendous
instability under pressure. Happily, there were also some good performances to
balance things out. John Hawes has the details.
See full results.
Virus Bulletin currently has 208,224 registered users.



