The Storm Worm turns one year old.

  birthday botnet infosec law_enforcement rumors russia storm_worm

About two weeks ago, The Washington Post ran an interesting article about the one-year anniversary of the release of the Storm Worm botnet agent, possibly the most successful and virulent malware agent yet released on the Net. The Storm Worm beastie is unusual in that the botnet is a decentralized collective, i.e., the infections don't all report into a single C&C channel but instead use a peer-to-peer networking protocol (a variant of the eDonkey protocol, specifically), so it can't be killed by taking down a single server. It is also interesting because updates are periodically released for …


The Storm Worm botnet learns some new tricks - like phishing.

  botnet fast_flux hosting infosec malware phishing storm_worm websites

Scarcely one year after the initial appearance of the Storm Worm and its resulting botnet, some heretofore untapped functionality's been pushed out in one update or another in just the past couple of days: not only is the botnet sending out phishing-related spam, but the phishing sites are hosted on the infected machines themselves. The information security community is speculating that it may now be possible for the controller of the botnet to partition it and assign different tasks to different segments of the infected net.population. As if that weren't problem enough, the domains that the phishing sites use …
