The Storm Worm bot appears to be threatening to become a major problem. It’s grown larger than anything similar in the last two years, and has built of botnet of around two millioncomputers. According to computer security company Secureworks, the last two months has seen a massive jump in the number of zombie computers on thebotnet. During the first five months of this year, they tracked 2,815 bots that launched attacks of the Storm Worm. In the last two months that figure has skyrocketed to 1.7 million. “It’s been building with exponential growth," said Joe Stewart, senior researcher for SecureWorks. “It’s one of the largest botnets I’ve ever heard of.” Another company,Postini, tracked a staggering 46.2 million malicious messages, over 99% of them from Storm Worm. First discovered on January 17 of this year, it infectedthousands of computers in the U.S. and Europe two days later, using an e-mail message that said “230 dead as storms batter Europe.” There were six waves of the initial attack, so that byJanuary 22 the Storm Worm accounted for 8% of all infections globally. The worm arrives as an e-mail attachment. When opened, it installs the wincom32 service, and injects a payload, passingon packets to destinations encoded within the malware itself. The infected machine becomes part of a botnet. However, it’s not controled centrally – the Storm Worm botnet is more like apeer-to-peer network with no central hub, making it harder to take down. The bots are set up to launch denial of service attacks, which scares researchers, since that many computers turned ona single organization could be catastrophic.
