• SIP
Enterprise Featured Article
August 06, 2007
Storm Attacks from Bots Hit 1.7 Million in June and July
By Prabhala Ranga Sai TMCnet Contributing Editor
SecureWorks, leading information security services provider, announced that storm attacks with an intention of malicious activity were on rise in June and July where the number reached an alarming figure of 1.7 million. By comparison, there were 71,342 such attacks during the period January through May and the number was much smaller at 2,815 at the beginning of the year.
However, since June SecureWorks has blocked 20,200,101 Storm attacks, said Joe Stewart, senior security researcher at SecureWorks.
However, since June SecureWorks has blocked 20,200,101 Storm attacks, said Joe Stewart, senior security researcher at SecureWorks.
When Storm Worm runs, it attempts to link up with other infected hosts via peer-to-peer networking. Through this conduit it gets a URL that points to a second-stage executable, which in turn downloads additional stages onto the infected system.
A massive attack by Storm Worm took place on January 12 this year, when a number of anti-spam websites came under a distributed denial-of-service attack. The trojan responsible for the attack was one of several dropped onto systems infected by a seeding of the email virus which later came to be called "Storm Worm", also W32/Small.DAM and Trojan.Peacomm.
"Storm has historically been used for spam but the hacker, controlling the Trojan, has amassed so many infected hosts in the Botnet that its network can easily support activities other than spamming," said Stewart. "We don't know the motive of the Storm author; however one possible theory could be that the hacker plans to use the Trojan for more malicious activity than sending spam. It could be that the hacker is rapidly building up the botnet so it can be leased to other hackers so that they can launch massive attacks against whatever target they choose: an organization,
country, etc. More than ever, it is critical that organizations and home computer users put protections in place to block the Storm Worm Trojan."
country, etc. More than ever, it is critical that organizations and home computer users put protections in place to block the Storm Worm Trojan."
SecureWorks has suggested some measures ( http://www.secureworks.com/research/threats/storm-worm) to check the storm attacks. These include knowing the scams connected to the Storm Trojan, which include unsolicited emails containing links leading to fake e-Cards from family members and friends, news stories highlighting catastrophic events, etc.
Blocking peer-to-peer networking is another way to check Storm Trojans as they attempt to link up with other infected hosts via peer-to-peer networking. When this function is blocked, user's computer cannot become a part of the Storm botnet, Stewart explains.
Blocking peer-to-peer networking is another way to check Storm Trojans as they attempt to link up with other infected hosts via peer-to-peer networking. When this function is blocked, user's computer cannot become a part of the Storm botnet, Stewart explains.
P.R. Sai is a contributing writer for TMCnet
Don't forget to check out TMCnet’s White Paper Library, which provides a selection of in-depth information on relevant topics affecting the IP
Communications industry. The library offers white papers, case studies and other documents which are free to registered users.
Communications industry. The library offers white papers, case studies and other documents which are free to registered users.
