The people behind Storm have added 40-byte encryption to the command-and-control traffic between the bot-herder and the bots, leaving security analysts even more at a loss than before. This recent development has led to the assumption that Storm's botnet might be sold to scammers or denial-of-service attackers.
To be sold, the botnet would have to be divided into pieces, most probably by scrambling the Overnet P2P traffic. (Storm, unlike most other bot-creating malware, uses P2P rather than IRC for its command-and-control traffic, which makes it even more difficult to track.)
This encryption may actually help security specialists in the long run, since it will be easier to tell eDonkey traffic from that of Storm nodes. For the time being, however, it will simply create a big mess.
Storm has created the largest botnet of the past few years, even though it's not nearly as big as those from earlier in the decade. That being said, the actual size of the botnet is unknown: some say it has a million bots or more, but others, such as Joe Stewart, who has been watching Storm since it came out in January, say it is much smaller, possibly somewhere in the 250,000 range.
Either way, the botnets sold to spammers and denial-of-service attackers usually number 1,000-5,000 bots, which leaves Storm's creators with a lot of freedom over how they “slice up” their net.
Storm's botnet would make a good buy, since it has its own fast-flux DNS and hosting abilities.