Holiday Spam Quadruples Storm Worm Infections

The flood of phony e-greetings cards spammed out over the holidays may have helped to more than quadruple the number of Microsoft Windows PCs infected with the "Storm worm," new research suggests.

By mid-December, the size of the Storm worm "botnet" - or pool of infected machines that Storm's author(s) control from afar - stood at around 5,000 to 10,000 systems, according to estimates by researchers at the German Honeynet Project, which has been tracking the size and activity of Storm for several months. This was fairly close to a historic low for a botnet that, by some estimates, claimed between one and 10 million infected PCs in the middle of 2007.

Just before Christmas Eve, Storm began to stir again: Inboxes around the world began choking on a flood of Storm worm-laced fake e-greetings cards bearing holiday greetings. A few days later, another wave of bogus greeting cards - this time with New Year's salutations - was blasted out with Storm attached.

Apparently, that campaign was largely successful at breathing new life into the Storm botnet, which now stands at a more robust 40,000 infected systems, said Thorsten Holz, one of the founders of the Honeynet Project.

Courtesy The German Honeynet Project.

Check out the graphic at the right for a look at the Storm botnet's growth over the holidays. Holz said the up-and-down pattern seen throughout the graph probably is caused by the regular, diurnal pattern of infected machines being turned off for the evening and restarted again in the morning. Such a strong, consistent pattern may also suggest that the bulk of the infected PCs are located within a relatively small number of time zones (e.g., the United States).

By Brian Krebs  |  January 4, 2008; 1:40 PM ET
Categories:  Latest Warnings  


The susceptibility of XP & Vista to these kinds of attacks is just another reason to look at Linux for business applications.

Beginning Ubuntu Linux 2d by Keir Thomas, [644Pp.] 2007 Ed from APRESS, List for $39.99 US was picked up from Amazon [USED -- Not really] from a sub-seller, Book Express in Holbrook, NY and received by regular shipping for $18.95 & apx $4 shipping in New Condition.

Included was a DVD containing full versions of Ubuntu 6.10 and 6.06.1 LTS as well as Kubuntu and Xubuntu along with Open Office Org and other user apps.

Posted by: brucerealtor | January 4, 2008 2:39 PM

Oh, Boy! And they call us Firefox users a Cult? Take your SPAM elsewhere, please!

Posted by: Keith Warner | January 4, 2008 10:19 PM

Let me get this straight: there are tens of thousands of idjits in the US with Windows-based workstations that are either unprotected by firewalls and anti-virus, and/or who are stupid enough to open e-mail attachments from people they don't know.


Are these people the same 25% of recent opinion polls who still support George Bush?


Posted by: DB Cooper | January 5, 2008 12:07 AM

I use Gmail to check emails. It does such a good job that I didn't even know that there were fake ecard emails this past holiday season.

Posted by: Mike | January 5, 2008 7:37 AM

@Mike: Yeah and with Gmail you can feel secure the idjits at Google will never screw up or sell you out. Because they have such a good privacy and security track record in the industry.

Posted by: Dominique | January 6, 2008 2:15 PM

@Keith Warner: no they never called you Firefox users a cult. They only called you a joke. The guy was spreading a word about a good book. The guy isn't selling anything. He's spreading the word about a book. Tell your daddy you can't play anymore, grow up, and chill out.

Posted by: Dominique | January 6, 2008 2:18 PM

These Germans clearly don't have a clue on what's going on. 10.000 compromised systems is the lowest estimation I've seen from any analysts yet. UC San Diego placed the number at 20,000... but other sources say 50 million, others insist on around 20, 40, 12... and of course they argue about the given time of when they were biggest and where they're now. No one has a clue besides the controller who's running a C&C server and is bound to land himself a fine job whenever he's caught.

Posted by: botnix | January 9, 2008 9:08 AM

The comments to this entry are closed.


© 2010 The Washington Post Company