Storm Worm Botnet Attacks Anti-Spam Firms - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Storm Worm Botnet Attacks Anti-Spam Firms

Organizations like the Spamhaus Project and have been under attacks for months, but they've managed to stay online.

There's no need to warn the anti-spam researchers at the Spamhaus Project about the Storm worm authors' ability to launch massive denial-of-service attacks. They've been fending them off for several months. And they've lived -- or at least stayed online -- to tell the tale.

"It's been a pretty constant battle to stay online," Vincent Hanna, an investigator for the non-profit Spamhaus Project, told InformationWeek. "It's an arms race. They try something. We block it. They try something else. We block it. It goes on and on. Sometimes it's fine and sometimes we spend hours a day on this."

Spamhaus is one of the anti-spam organizations that have been targeted in recent months by the Storm worm authors. The malware writers have amassed a giant, international botnet of compromised computers. Estimates of its size range wildly -- from one or two million up to 50 million bots. Regardless of its specific size, though, security researchers say it's definitely large enough to wreak a lot of havoc with a company's network, a government agency, an ISP, or possibly even an entire country, if they use that illegal grid to launch a denial-of-service (DoS) attack.

Adam Swidler, a senior manager with security company Postini, said in an earlier interview he has no doubt if the Storm worm bosses focused the full power of their botnet on a targeted DoS attack, it could do a lot of damage. "I think there's no question they could damage any single company, whether through a DoS attack or a spam barrage," he added. "I'd be less worried about a Yahoo or a Bank of America than the thousands of mid-sized banks that aren't as well protected. But undoubtedly, this could do a great deal of damage."

While the protracted DoS attack on Spamhaus hasn't used the full force of the botnet's might, the attack has been long enough and strong enough to be disruptive, even if it hasn't knocked the organization offline.

Hanna said Spamhaus is used to being under fairly constant attack by cyber criminals who would like to mess with the organization that tracks the Internet's spam gangs. This attack, which he said he's traced directly to the Storm worm botnet, has been different.

Instead of pushing a huge stream of packets at their network to overwhelm their servers, the Storm botnet is flooding them with nonsensical URL requests. And this attack, which recently subsided, has been the longest attack they've ever had to repel -- lasting about two months.

"We manage," said Hanna. "We're still online but we have to keep a constant eye on what's happening. It's a pretty constant battle to stay online. It would be nice if we didn't have to give it this much effort and hardware and time, but we have to do it. The very fact that they DDoS us, tells us we're doing a good job."

Matt Sergeant, chief anti-spam technologist with MessageLabs, said in an interview that the Storm worm authors have been going after various anti-spam organizations for several months. And there's no sign of it slowing down.

"The volumes of data in the current DoS attacks is enormous," he added. "The [anti-spam organizations] have been dealing with a DoS attack that's been lasting months and months now."

Jeff Chan, a researcher at, a spam blacklist, said in an e-mail to InformationWeek that they also have been hit by Storm DoS attacks. "In terms of mitigating Storm, it's challenging at best and impossible at worst since the bad guys control many hundreds of megabits of traffic," he wrote. "There's some evidence that they may control hundreds of Gigabits of traffic, which is enough to force some countries off the Internet."

Chan also was quick to warn that this is not a botnet that should be taken lightly.

"Too many people do not understand the scope of the problems," he wrote. "Until more is done against botnets and the people who create them, everyone is potentially vulnerable, even networks with 100 plus gigabit connections."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Can Cloud Revolutionize Business and Software Architecture?
Joao-Pierre S. Ruth, Senior Writer,  1/15/2021
10 IT Trends to Watch for in 2021
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/22/2020
How CDOs Can Build Insight-Driven Organizations
Jessica Davis, Senior Editor, Enterprise Apps,  1/15/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you.
Flash Poll