Storm Worm Botnet Attacks Anti-Spam Firms - InformationWeek

Storm Worm Botnet Attacks Anti-Spam Firms

Organizations like the Spamhaus Project and have been under attack for months, but they've managed to stay online.

There's no need to warn the anti-spam researchers at the Spamhaus Project about the Storm worm authors' ability to launch massive denial-of-service attacks. They've been fending them off for several months. And they've lived -- or at least stayed online -- to tell the tale.

"It's been a pretty constant battle to stay online," Vincent Hanna, an investigator for the non-profit Spamhaus Project, told InformationWeek. "It's an arms race. They try something. We block it. They try something else. We block it. It goes on and on. Sometimes it's fine and sometimes we spend hours a day on this."

Spamhaus is one of the anti-spam organizations that have been targeted in recent months by the Storm worm authors. The malware writers have amassed a giant, international botnet of compromised computers. Estimates of its size range wildly -- from one or two million up to 50 million bots. Regardless of its specific size, though, security researchers say it's definitely large enough to wreak a lot of havoc with a company's network, a government agency, an ISP, or possibly even an entire country, if its operators use that illegal grid to launch a denial-of-service (DoS) attack.

Adam Swidler, a senior manager with security company Postini, said in an earlier interview that he has no doubt that if the Storm worm bosses focused the full power of their botnet on a targeted DoS attack, it could do a lot of damage. "I think there's no question they could damage any single company, whether through a DoS attack or a spam barrage," he added. "I'd be less worried about a Yahoo or a Bank of America than the thousands of mid-sized banks that aren't as well protected. But undoubtedly, this could do a great deal of damage."

While the protracted DoS attack on Spamhaus hasn't used the full force of the botnet's might, the attack has been long enough and strong enough to be disruptive, even if it hasn't knocked the organization offline.

Hanna said Spamhaus is used to being under fairly constant attack by cyber criminals who would like to mess with the organization that tracks the Internet's spam gangs. This attack, which he said he's traced directly to the Storm worm botnet, has been different.

Instead of pushing a huge stream of packets at their network to overwhelm their servers, the Storm botnet is flooding them with nonsensical URL requests. And this attack, which recently subsided, has been the longest attack they've ever had to repel -- lasting about two months.

"We manage," said Hanna. "We're still online but we have to keep a constant eye on what's happening. It's a pretty constant battle to stay online. It would be nice if we didn't have to give it this much effort and hardware and time, but we have to do it. The very fact that they DDoS us, tells us we're doing a good job."

Matt Sergeant, chief anti-spam technologist with MessageLabs, said in an interview that the Storm worm authors have been going after various anti-spam organizations for several months. And there's no sign of it slowing down.

"The volumes of data in the current DoS attacks is enormous," he added. "The [anti-spam organizations] have been dealing with a DoS attack that's been lasting months and months now."

Jeff Chan, a researcher at, a spam blacklist, said in an e-mail to InformationWeek that they also have been hit by Storm DoS attacks. "In terms of mitigating Storm, it's challenging at best and impossible at worst since the bad guys control many hundreds of megabits of traffic," he wrote. "There's some evidence that they may control hundreds of Gigabits of traffic, which is enough to force some countries off the Internet."

Chan also was quick to warn that this is not a botnet that should be taken lightly.

"Too many people do not understand the scope of the problems," he wrote. "Until more is done against botnets and the people who create them, everyone is potentially vulnerable, even networks with 100 plus gigabit connections."
