Bots Launching Storm Attacks Increase Dramatically Totaling 1.7 Million in June/July

Company Warns Storm Might Be Used for More Malicious Activity

Atlanta, GA, August 2, 2007 - SecureWorks, the largest managed information security services provider safeguarding 1,800 clients and more financial institutions than any other vendor, announced today that it has seen an onslaught of Storm Worm attacks in the last two months. “From the first of January to the end of May, we only saw 71,342 Storm attacks,” said Joe Stewart, Senior Security Researcher for SecureWorks. “However, since June we have blocked 20,200,101 Storm attacks.” 

“The number of unique, infected hosts (bots), from which the attack is being launched by email, has also increased dramatically,” said Stewart.  “They went from 2,815 in the beginning of 2007 through the end of May to a total of 1.7 million for the months of June and July.”

Storm Botnet Might Be Used for Attacks 

“Storm has historically been used for spam but the hacker, controlling the trojan, has amassed so many infected hosts in the botnet that its network can easily support activities other than spamming,” said Stewart.  “We don’t know the motive of the Storm author; however one possible theory could be that the hacker plans to use the trojan for more malicious activity than sending spam. It could be that the hacker is rapidly building up the botnet so it can be leased to other hackers so that they can launch massive attacks against whatever target they choose: an organization, country, etc.  More than ever, it is critical that organizations and home computer users put protections in place to block the Storm Worm trojan.”

How to Protect Against the Storm Trojan

For corporate computer users, as well as home computer users, the best defense is to be aware of the scams connected to the Storm trojan, which include emails containing links leading to fake e-Cards from family members and friends, news stories highlighting catastrophic events, etc.

 “The Storm trojan relies on social engineering as its best ally so it is really important that computer users keep their guard up and be suspicious of any unsolicited email containing an attachment or a link,” continued Stewart.  “Even if it mentions something you are familiar with or promises some sort of critical data, always check with the sender to see what it is and why they sent it.”  

Another way computer users can protect themselves from the Storm trojan is to block peer-to-peer networking.  “When the Storm trojan runs, it attempts to link up with other infected hosts via peer-to-peer networking,” said Stewart.   “If that function is blocked, then the user’s computer cannot become a part of the Storm botnet.”

In order to fully protect one’s corporate computer users from these threats, organizations must engage an in-house security team or a managed security services firm.  These teams employ experts who can track and block threats coming in via email, the web or instant messaging based on their wider view of Internet traffic and their expertise in these kinds of scams.

About SecureWorks

With over 1,800 clients, SecureWorks has become the largest managed security services provider safeguarding more financial institutions than any other vendor. SecureWorks provides the most effective security services by leveraging our integrated security management platform, advanced security research, and 100 percent GIAC certified experts. By providing a full breadth of security services, SecureWorks offers fully-managed, co-managed, monitored or self-service security solutions to meet the needs of Fortune 100 companies with large security teams as well as smaller companies with no security expertise. In addition, SecureWorks has helped companies pass over 2,400 compliance audits by providing comprehensive and straight-forward board and examination reports. SecureWorks won SC Magazine's 2007 and 2006 MSSP of the Year award and the 2006 Best Intrusion Prevention award, Frost & Sullivan's 2006 Entrepreneurial Company of the Year award and was named to the Inc 500 and Deloitte & Touche lists of fastest-growing companies for the past two years.

Next Steps

Contact Us Call Us Today
(877) 838-7947
UK +44 131 260 3044

Online Tools

  • Print this Page
  • Share This Resource

By completing this form you'll be opting in to receiving future communications about products and services from Dell SecureWorks.