The Storm botnet or Storm worm botnet is a remotely controlled network of”zombie” computers (or “botnet”) that has been linked by the Storm Worm, a Trojan horse spread through e-mail spam. Some have estimated that by September 2007 the Storm botnet was running on anywhere from 1 million to 50 million computer systems. Other sources have placed the size of the botnet to be around 250,000 to 1 million compromised systems. More conservatively, one network security analyst claims to have developed software that has crawled the botnet and estimates that it controls 160,000 infected computers. The Storm botnet was first identified around January 2007, with the Storm worm at one point accounting for 8% of all malware on Microsoft Windowscomputers.
Botnets are considered the most prevalent and dangerous threat lurking in the Web today. The damage they cause can range from information theft and malware infection to fraud and other crimes. A botnet refers to a network of bots or zombie computers used widely for malicious activities like spamming or click fraud. It has a C&C to which the bot master (controller) can add new components.
The Storm botnet has been used in a variety of criminal activities. Its controllers, and the authors of the Storm Worm, have not yet been identified. The Storm botnet has displayed defensive behaviors that indicated that its controllers were actively protecting the botnet against attempts at tracking and disabling it. The botnet has specifically attacked the online operations of some security vendors and researchers who attempted to investigate the botnet. Security expert Joe Stewart revealed that in late 2007, the operators of the botnet began to further decentralize their operations, in possible plans to sell portions of the Storm botnet to other operators. Some reports as of late 2007 indicated the Storm botnet to be in decline, but many security experts reported that they expect the botnet to remain a major security risk online, and the United States Federal Bureau of Investigation considers the botnet a major risk to increased bank fraud, identity theft, and other cybercrimes.
The botnet reportedly is powerful enough as of September 2007 to force entire countries off the Internet, and is estimated to be capable of executing more instructions per second than some of the world’s top supercomputers. However, it is not a completely accurate comparison, according to security analyst James Turner, who said that comparing a botnet to a supercomputer is like comparing an army of snipers to a nuclear weapon. Bradley Anstis, of the United Kingdom security firm Marshal, said, “The more worrying thing isbandwidth. Just calculate four million times a standard ADSL connection. That’s a lot of bandwidth. It’s quite worrying. Having resources like that at their disposaldistributed around the world with a high presence and in a lot of countriesmeans they can deliver very effective distributed attacks against hosts.