Automated bot attacks increase dramatically totaling 1.7 Million in June/July
SecureWorks announced today that it has seen an onslaught of Storm Worm attacks in the last two months. “From the first of January to the end of May, we only saw 71,342 Storm attacks,” said Joe Stewart, Senior Security Researcher for SecureWorks. “However, since June we have blocked 20,200,101 Storm attacks.”
“The number of unique, infected hosts (bots), from which the attack is being launched by email, has also increased dramatically,” said Stewart. “They went from 2,815 in the beginning of 2007 through the end of May to a total of 1.7 million for the months of June and July.”
Storm botnet might be used for attacks
“Storm has historically been used for spam but the hacker, controlling the trojan, has amassed so many infected hosts in the botnet that its network can easily support activities other than spamming,” said Stewart. “We don’t know the motive of the Storm author; however one possible theory could be that the hacker plans to use the trojan for more malicious activity than sending spam. It could be that the hacker is rapidly building up the botnet so it can be leased to other hackers so that they can launch massive attacks against whatever target they choose: an organization, country, etc. More than ever, it is critical that organizations and home computer users put protections in place to block the Storm Worm trojan.”
How to protect against the storm trojan
For corporate computer users, as well as home computer users, the best defense is to be aware of the scams connected to the Storm trojan, which include emails containing links leading to fake e-Cards from family members and friends, news stories highlighting catastrophic events, etc.
Another way computer users can protect themselves from the Storm trojan is to block peer-to-peer networking. “When the Storm trojan runs, it attempts to link up with other infected hosts via peer-to-peer networking,” said Stewart. “If that function is blocked, then the user’s computer cannot become a part of the Storm botnet.”