Since a disappointing release last year, numerous updates have made the StormWorm far more sophisticated, and it is now an extremely capable tool that is difficult to deal with.
Two days after the outbreak of the worm in mid-August 2007, the amount of spam arriving in typical internet e-mail boxes had grown by 30% (from 366 spam messages per hour to 491), which accounts for the 3% rise in spam in August.
Spam typically becomes more active after the release of worms that can infect computers in networks and turn them into “bots”: computers that take part in mass mailing schemes and in redistributing the worm itself. In this way the “bots” form a “botnet”, which keeps growing with every infected computer.
Most of the spam distributed by the StormWorm was text-based stock fraud messages, used to drive up the price of a certain stock so that it could be sold at a greater profit. This type of spam isn’t new, but the volume shows just how much the StormWorm has managed to improve.
According to a WatchGuard Technologies analyst, the technology of these recent “botnets” has become a lot more complex and sophisticated: some of them can heal themselves even if the “command computer” has been cut off, since “bots” now store databases of other infected computers. Botnets are also harder to combat because of their new practice of constantly changing IP addresses.
There is no reliable information on the size and number of StormWorm botnets, but experts assume the total number of infected computers to be somewhere between 1.5 and 1.8 million. That is not a shocking figure compared to the sizes of botnets at the beginning of the decade, but it is larger than any worm has achieved in the past five years.

