The Storm Botnet was a botnet first identified in 2007. It is also known as the Dorf botnet and as Ecard malware. Like similar botnets, it was controlled and accessed by an attacker after the initial compromise. Storm is mainly linked to email spam carrying attachments with embedded payloads, delivered as Trojan horse malware.

It was identified around January 2007 after it distributed an email with the subject “230 dead as storm batters Europe”. By September 2007, the malware was found to be running on somewhere between 1 million and 50 million infected systems across Europe. The Storm botnet was specifically designed to infect Windows machines.

Storm was the biggest botnet attack of the 21st century. The infected computers were directed by the attackers to launch massive cyberattacks such as DDoS (Distributed Denial of Service) attacks. Storm was one of the largest botnets in the world, and it exploded in size around 2007.

Storm was mainly used in email phishing campaigns (also known as email fraud) that infected users with a Trojan horse targeting Windows systems, giving the attackers remote control of the bot. According to security experts, its initial target was Europe. As of December 2012, the original creators of the Storm botnet had not been found, according to available sources. Security researchers linked it to the notorious Russian Business Network (RBN), a malware hosting organization.

Lawrence Baldwin, a computer forensics specialist, said that Storm was sending billions of messages a day. One of the methods the bots used to attract victims to infection-hosting websites was offering free music from well-known artists. Analysis also confirmed that the many Storm variants hampered signature-based detection in security defences.
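The point about variants defeating signature-based detection is easy to show in code. The following is an added example, not code from the original post: a minimal mail-gateway triage rule that scores a message on the traits the Storm spam wave used (a sensational lure subject plus an executable attachment) and compares that with exact-hash matching of the attachment. The messages, attachment bytes, lure phrases and extension list are all constructed for the demo; only the subject line comes from the post.

```python
"""
Added example (not from the original post): hash-signature matching versus a
trait-based heuristic for Storm-style spam. All messages and attachment bytes
are constructed; the subject line is the one quoted in the post.
"""
import hashlib
from email.message import EmailMessage
from typing import List, Optional, Set, Tuple

# Attachment extensions that carry native Windows code (illustrative list).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat"}

# Lure phrases in the style of the "230 dead as storm batters Europe" wave and
# the "free music" / e-card lures the post mentions (constructed list).
LURE_PHRASES = ("dead as storm", "batters europe", "free music", "ecard", "greeting card")


def build_message(sender: str, subject: str, body: str,
                  attachment: Optional[Tuple[str, bytes]]) -> EmailMessage:
    """Assemble a test message; attachment is (filename, raw bytes)."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content(body)
    if attachment:
        name, data = attachment
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg


def signature_match(msg: EmailMessage, known_hashes: Set[str]) -> bool:
    """Exact SHA-256 match of any attachment against a blocklist."""
    for part in msg.iter_attachments():
        digest = hashlib.sha256(part.get_payload(decode=True)).hexdigest()
        if digest in known_hashes:
            return True
    return False


def heuristic_score(msg: EmailMessage) -> int:
    """Score message traits that survive repacking of the attachment."""
    score = 0
    subject = str(msg["Subject"] or "").lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content().lower() if body else ""
    if any(p in subject or p in text for p in LURE_PHRASES):
        score += 2  # sensational or giveaway lure
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in EXECUTABLE_EXTENSIONS):
            score += 3  # executable attachment
    return score


def triage(msg: EmailMessage, known_hashes: Set[str], threshold: int = 3) -> str:
    """Signature first, then heuristic; returns a gateway verdict string."""
    if signature_match(msg, known_hashes):
        return "blocked:signature"
    if heuristic_score(msg) >= threshold:
        return "quarantine:heuristic"
    return "delivered"


# Two "variants" that differ by one byte, so their hashes differ. Only the
# first one is on the blocklist, mirroring a signature that lags a repack.
VARIANT_A = b"MZ\x90\x00constructed-storm-variant-A"
VARIANT_B = b"MZ\x90\x00constructed-storm-variant-B"
KNOWN_HASHES = {hashlib.sha256(VARIANT_A).hexdigest()}

SAMPLE_MESSAGES: List[EmailMessage] = [
    build_message("news@example.net", "230 dead as storm batters Europe",
                  "Full story in the attachment.", ("Full Story.exe", VARIANT_A)),
    build_message("news@example.net", "230 dead as storm batters Europe",
                  "Full story in the attachment.", ("Full Story.exe", VARIANT_B)),
    build_message("it@example.com", "Weekly maintenance window",
                  "Patching Saturday 02:00.", None),
]


def run_demo() -> List[str]:
    """Verdict per sample message, in order."""
    return [triage(m, KNOWN_HASHES) for m in SAMPLE_MESSAGES]


if __name__ == "__main__":
    for m, verdict in zip(SAMPLE_MESSAGES, run_demo()):
        print(f"{str(m['Subject'])!r:40} -> {verdict}")
```

The second message carries a repacked variant that the hash blocklist misses, but the lure subject and executable attachment still push it over the quarantine threshold; the benign maintenance notice scores zero. In practice the heuristic weights and phrase list would be tuned against the site's own mail.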

How Storm Botnet worked 

Security researchers noted two things about the Storm botnet. First, the Trojan ditched traditional command-and-control (C&C) infrastructure in favour of peer-to-peer connections to keep tabs on the infected systems. “Storm built its botnet without a CNC”, which let the army of compromised systems bypass traditional detection mechanisms, since there was no single controller to identify and block.

Second, the botnet continuously pushed new variants from its servers to the bot-controlled systems in order to stay ahead of antivirus vendors and their signature-based detection. It spread using social engineering attacks on users.
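Because there is no central controller to block, a defender looking for a Storm-style bot has to look at how a host talks rather than whom it talks to. The following is an added example, not code from the original post: a fan-out heuristic over flow records that separates a host with peer-to-peer behaviour (many distinct external peers, mostly UDP) from ordinary browsing and from a single-server beacon. The flow lines, the internal address ranges and the thresholds are constructed assumptions for the demo; the post does not give Storm's actual port or protocol details.

```python
"""
Added example (not from the original post): flagging peer-to-peer fan-out in
flow logs. Record format, address ranges and thresholds are constructed.
"""
from collections import defaultdict
import ipaddress
from typing import Dict, List, Tuple

# Ranges treated as "inside" the enterprise (assumption: RFC 1918 here).
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

Flow = Tuple[int, str, str, int, str]  # (ts, src, dst, dport, proto)


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flows(lines: List[str]) -> List[Flow]:
    """Parse constructed 'ts src dst dport proto' records, skipping comments."""
    flows: List[Flow] = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst, dport, proto = line.split()
        flows.append((int(ts), src, dst, int(dport), proto.upper()))
    return flows


def profile_hosts(flows: List[Flow]) -> Dict[str, dict]:
    """Per internal source host: distinct external peers, ports, flows, UDP share."""
    peers, ports = defaultdict(set), defaultdict(set)
    udp, total = defaultdict(int), defaultdict(int)
    for _, src, dst, dport, proto in flows:
        if not is_internal(src) or is_internal(dst):
            continue  # only internal -> external traffic is of interest here
        peers[src].add(dst)
        ports[src].add(dport)
        total[src] += 1
        if proto == "UDP":
            udp[src] += 1
    return {src: {"peers": len(peers[src]), "ports": len(ports[src]),
                  "flows": total[src], "udp_share": udp[src] / total[src]}
            for src in total}


def flag_p2p_hosts(flows: List[Flow], min_peers: int = 20,
                   min_udp_share: float = 0.8) -> List[str]:
    """Hosts with many distinct external peers, mostly over UDP (illustrative thresholds)."""
    prof = profile_hosts(flows)
    return sorted(h for h, p in prof.items()
                  if p["peers"] >= min_peers and p["udp_share"] >= min_udp_share)


def flag_single_peer_beacons(flows: List[Flow], min_flows: int = 20) -> List[str]:
    """Contrast case: a host repeatedly contacting exactly one external address."""
    prof = profile_hosts(flows)
    return sorted(h for h, p in prof.items()
                  if p["peers"] == 1 and p["flows"] >= min_flows)


def constructed_sample() -> List[str]:
    """Constructed flow records covering three kinds of host behaviour."""
    lines = ["# ts src dst dport proto  (constructed records)"]
    # Host A: P2P-style fan-out, 40 distinct external peers on varying UDP ports.
    for i in range(1, 41):
        lines.append(f"{1000 + i} 10.0.0.5 203.0.113.{i} {4000 + i} udp")
    # Host B: ordinary browsing, a handful of web servers over TCP 443.
    web = ["198.51.100.10"] * 5 + ["198.51.100.11"] * 3 + ["198.51.100.12"] * 2
    for i, dst in enumerate(web):
        lines.append(f"{2000 + i} 10.0.0.7 {dst} 443 tcp")
    # Host C: talks to one external address 30 times, once a minute.
    for i in range(30):
        lines.append(f"{3000 + 60 * i} 10.0.0.9 192.0.2.50 8080 tcp")
    return lines


if __name__ == "__main__":
    sample = parse_flows(constructed_sample())
    for host, p in profile_hosts(sample).items():
        print(f"{host:10} peers={p['peers']:3} flows={p['flows']:3} udp={p['udp_share']:.2f}")
    print("p2p-like hosts:", flag_p2p_hosts(sample))
    print("single-peer beacons:", flag_single_peer_beacons(sample))
```

Host A is the only one flagged as peer-to-peer; host C is caught by the separate single-peer rule that a centralized C&C would trip, and the browsing host B trips neither. On real flow data the peer count should be taken per time window and the thresholds set from a baseline of the environment, since legitimate P2P software and some CDN traffic produce similar fan-out.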

Combating Botnet attacks 

Botnets can be a massive challenge to the security of enterprise IT infrastructure. Businesses must be prepared for these cyberattacks, and cybersecurity professionals must be familiar with the variety of penetration testing activities used to test networks and close weaknesses before attackers take control. Botnet attacks have affected millions of resources and cost businesses billions of dollars; the vulnerabilities involved can be identified and ultimately fixed.

Recommendations to prevent Botnet attacks

  1. Keep your operating system updated with the latest security patches and vulnerability fixes.
  2. Avoid opening email attachments from suspicious or unknown senders.
  3. Avoid downloads from peer-to-peer and file-sharing networks such as torrent sites.
  4. Update your antivirus software with the latest signatures.
  5. Disable unused ports in firewall rule policies.
  6. Create secure password policies to prevent unauthorized access, and implement MFA on all critical devices.

Technical Detections of Storm Botnet

By Michael

The writer of Infohaunt is a cyber security professional with experience in SOC operations, threat management, incident response, threat hunting and digital forensics.