Storm Botnet Coming Back to Life
Written by Sue Walsh on May 17, 2010

Security experts have discovered that the infamous Storm botnet is making a comeback. The original Storm roared to life two years ago, pumping out a whopping 20% of the world’s spam at its peak. To spread itself, it sent fake greeting cards and exploited news headlines and popular events. This new variant uses the old code and sends fake anti-virus software and spam hawking celeb videos, internet pharmacies, and dating sites.
“This is an example of the reuse of code that worked very effectively in the past,” Don DeBolt, director of threat research at CA, told SCMagazineUS.com. “It’s a good lesson to understand about malware and the internet that when one method works in the past, it’s often reused again in the future. We have to constantly keep our guard up and look at the reissuance and redistribution of legacy malware.”
Storm was one of the largest and most powerful botnets ever until its ISP, Intercage, was shut down. Intercage hosted the botnet’s command and control servers, and the shutdown abruptly severed those connections. In addition, researchers discovered a way to infiltrate the bot, adding to its woes. It died a quiet death and was replaced by Waledac, which itself was recently incapacitated by a court order that slammed the door shut on almost 300 of its domains. The shuttered domains were being used to host the botnet’s command and control servers. Without them it quickly succumbed, but don’t count it out just yet. If Storm is any indication, cats aren’t the only ones with nine lives.




