Storm worm thunders into February malware chart
By Rene Millman
Posted on 1 Mar 2007 at 12:48
The deluge from the Storm worm places it at the top of the malware charts in February, according to findings from security appliance vendor Fortinet.
The worm, also known as Tibs, accounted for 3.91 per cent of all malware detected in the month. Only phishing emails were more prevalent than the worm.
According to Guillaume Lovet, threat response team leader at Fortinet, no fewer than 36 different variants of the Storm worm were seen active this month.
'The overwhelming presence of the Storm worm is not without consequence, as it is being leveraged to generate and relay massive amounts of spam,' said Lovet.
'However, the battle against spam is not lost. A purely factual analysis of the situation tends to prove that in the final race to arms against content analysis filters, spammers are losing ground.'
The company found that on 8 February, one variant of the Storm worm accounted for 60 per cent of all Tibs-related detections.
Lovet said that one very observable consequence of the worm was an increase in the volume of spam emails occurring since the end of 2006.
The Storm worm and another worm named 'Stration' were meant purely to create large botnets, more or less centralised. Stration's network consists of syndicated, smaller, traditional IRC botnets, while Tibs implements a peer-to-peer botnet.
'Reducing the number of infected machines would effectively tackle the spam problem, at least, in the proportions it has taken today,' said Lovet. 'The problem is the number of infected machines, on the contrary, is growing every day. The reasons for that are multi-fold, but the consequence is that we are left trying to cope with massive amounts of spam.'
Lovet added that content analysis is not the only means to block spam.
'Analysing the envelope rather than the content of the letters is a strategy frequently implemented in anti-spam filtering systems,' he said. 'For instance, it may consist in comparing the incoming IP address to real time block lists or reputation systems.'
He said that although such approaches are often purely reactive - leaving windows of opportunity open for rogue IP addresses to send out spam - they could also help reduce the amount of bulk mail reaching end-users' boxes.
