When Storm first began setting off alarms in Dec. 2006 with a flood of related spam activity, it was a relatively simple Trojan program. However, latest variant of the attack has evolved into something far more sinister, distributing copies of itself inside a password protected ZIP file to circumvent anti-virus systems and install a root kit on infected systems.
The increasing professionalism being displayed by those creating the attacks is another hallmark of the growing maturity of the botnet economy, researchers said. Another sign are the growing number of botnets being used only once by each group of attackers, before being abandoned.
Some of the activity is the result of smarter attackers, while some credit for the trend should be accounted to improved defenses, said Dave Marcus, security research and communications manager with McAfee's Avert Labs.
"We're seeing a lot more bots that are single-purpose, which will make them harder to catch but changes the overall impact," Marcus said. "Previously you'd see most of them being used for denial-of-service, spam, adware, and spyware, but more and more appear to be built for a single purpose; clearly the attackers are focusing on whatever it is that is making them the most money, and the smarter ones are trying to stay on step ahead of pursuit."
Much as traditional self-replicating worms were the format of choice for attackers between 2001 and 2004, researchers contend that the IT security community should be ready for the new botnet-driven variety to become a popular platform for mass attacks until they are stymied.
Smaller, targeted threats carried out against select groups of people may reap the greatest financial spoils for malware writers and cyber-criminals, but the emerging virus format that has pounded the Internet over the last week may prove a more readily-noticeable nuisance, experts maintain.
"We've long seen the e-mail-based worms, but really the Web-based side of it has been underutilized, so it shouldn't be a surprise," said Dmitri Alperovitch, principal research scientist at software maker Secure Computing, San Jose. "Storm is just one of the first major attacks to capitalize on this opportunity, but there's every reason to believe that with the size of the botnet problem we'll probably see quite a few more."