funsec mailing list archives
2007 Year-End Growth of More Than 200% for The Storm Botnet
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Thu, 3 Jan 2008 22:57:04 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Thorsten Holz writes on the Honeyblog: [snip] The picture illustrates the success rate of the botnet: The x-axis shows the date, starting a few days before Christmas and ending today. The y-axis represents the number of infected machines within Stormnet, the "encrypted" part of the botnet in which the actual communication is XORed with a 40 byte key. As you can see, the first days before Christmas the size of the botnet was around 5-14 thousand infected machines. However, just around Christmas the size grows again due to successful infections and new victims which fell for the social engineering mails. For now, the botnet has peaked at about 40 thousand infected machines being online at a time. Moreover, the picture also shows a clear diurnal pattern: many infected host are located in the US and these machines are turned off during the night, leading to fewer online machines within the botnet. [snip] More here: http://honeyblog.org/archives/156-Measuring-the-Success-Rate-of-Storm-Worm. html Storm really is the Energizer Bunny of botnets. ;-) - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHfWhDq1pz9mNUZTMRAu5KAKDARrF1STwJdRjObt32XFK32LzbywCgngMy 3Gw61WeISIEjR22Uq7MjB5Q= =qMQC -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- 2007 Year-End Growth of More Than 200% for The Storm Botnet Paul Ferguson (Jan 03)
- Re: 2007 Year-End Growth of More Than 200% for The Storm Botnet Dude VanWinkle (Jan 04)