The return of 'Storm'

TipsMake.com - A number of security software providers around the world are warning about the return of the Storm worm, which has been "silent" for a long time, is returning and operating vigorously . And in recent days, the botnet Storm system is one of the largest computer systems.

At the time this system covered more than 1 million computers between 2006 and 2009, this was the main cause of the huge amount of spam and denial-of-service attacks ( DOS attacks ). Storm worm, which is more a trojan infection program than a worm, has been named since many email systems around the world were infected with storm-related titles Kyrill.

In early 2009, the operation of this worm gradually became quiet, and it was speculated that this computer network had enough money and was rebuilding its completely new architecture. The next generation of deep, in part due to the analysis of security experts who have understood the whereabouts and operation of this system. Besides, another reason is the fierce competition from other 'allies' such as Srizbi worm, Mega-D, Rustock, Pushdo .

In the Honeynet analysis by Tillmann Werner, Felix Leder and Mark Schlösser, they showed that the new variant of Storm changed a lot from the previous version. The 'traditional' way of communication between bot and C&C servers is being exclusive and unique through the HTTP protocol, which the bot uses to download patterns to distribute spam Viagra . At the same time, Peer-to-peer connection and sharing protocol has also completely removed, and only about 60% of the old code sets are retained and used.

According to the researchers, those who published the detailed analysis of the Storm worm and tools to remove Stormfucker in early 2009, also mentioned that the people behind the worm system were sold. The code for Storm, so the new version can also be the work of the new herder bot system.