Opinions vary on whether Storm is the largest network of its kind; estimates ran from half a million systems to 6.5 million systems over the past year with 2007 reports estimating botnet size of up to 1.8 million. On the lower end, one recent report shows that the number of Storm infected machines peaked at around 40,000 on January, 2008. The honeynet project had monitored botnets ranging in size of up to 50,000 machines. One issue is that accurate counting is very difficult. It is possible that Storm Worm is not the current largest botnet, but is one of the largest – and one of the most successful.

However, Storm is not static. Three hundred thousand PCs may be cleaned up while Storm is recruiting another half a million. It is like a never-ending cyber game of whack-a-mole. Part of the Storm DNA is to recruit to replace fallen or patched machines. In older botnet systems, a system administrator cleaned and patched a system and it was cured. Storm is a new epidemic; a network can get cleaned of one version and get re-infected tomorrow. Regardless of its actual current size Storm and its archetype represents a substantial risk in computational power.

What makes it different from other malware?

Past malware iterations were one trick ponies, focusing on a single method of attack that, once discovered, was easily patched and mitigated by the security industry. Storm is unprecedented in the elegant combination of independently innovative tricks it uses to obfuscate signature anti-virus. Just as unique and impressive, is Storm’s masterful use of effective Social Engineering to deliver its malware.


Is Storm just being used to send spam?

No. Storm has three recognized revenue opportunities, but is not limited to these:

1. Botnet Rentals: The large scale of the botnet is being used as real-estate for the spam community, with portions being rented/or leased by spammers to send spam using Storm as the middleman.
2. Stock Market Manipulation: Penny stock trades are being performed through mass-marketed phishing schemes to artificially inflate stock prices, creating a profit scheme for those playing the “pump and dump” stock game.
3. DDoS for Hire: Although this does not appear to be a primary source of revenue, the massive size of Storm could easily take down any Fortune 50 company, holding the servers out for ransom or simply disrupting business. Additionally, as a form of self-preservation, Storm has launched DDOS attacks on companies that have security researchers working to mitigate the botnet.