It’s been nearly a month now since the Storm botnet sent its last spam run -- significantly long enough that botnet researchers now conclude this could be the end of most infamous botnet once and for all.
Such prolonged inactivity is unusual for a botnet, they say, which may indicate that Storm’s operators have abandoned it. The only signs of life have been some remaining Storm-infected machines checking in with one another. One group of researchers has seen some Storm hosts return “go away, we’re not home” replies when contacted.
“It’s been almost a month now with nothing. That we have not seen before -- Storm has been pretty actively sending out copies of itself or sending spam nonstop since it started,” says Joe Stewart, director of malware research for SecureWorks. “Based on what we’ve seen in the past with other botnets, I would say there’s a good chance it won’t come back at all.”
Stewart, as well as researchers from Damballa and Marshal, say Storm has been dormant since mid-September, and its last major spam campaigns, such as the so-called “World War III” scam, were back in July. The fact that it’s been inactive for so long reduces its chance of coming back, Stewart says. “Every minute that it’s not out there seeding and trying to spread more bots, they’re losing bots” and money, he says. “If they have the intention of keeping this operation up, they would at least have had to remain in maintenance mode where they keep something [spamming] out there… so when they were ready for the next big spam or social engineering thing, the botnet is there and at the ready, and they don’t have to wait for it ramp back up again.”
Even if turns out that this lull was merely the quiet before a Storm surge, it’s unlikely that even a reinvented Storm -- now at about 47,000 infected machines, according to Damballa -- would ever operate at the massive size it once was, at close to a half-million bots at its peak in early January. This is likely the end of the era of massive botnets, and the beginning of a new generation of smaller, more targeted botnets, says Paul Royal, director of research for Damballa.
“This is the end of the really gigantic botnet as we know it,” Royal says.
No comments:
Post a Comment