Storm botnet makes a comeback

published 29 April 2010

The Storm botnet is set to rise again, according to security experts McAfee.

Toralv Dirro posted a blog on McAfee Labs claiming the rumours about the botnet returning were true and it is being rebuilt to resemble the old school functionalities of previous Trojans.

Dirro claimed that its infamy initially led to its demise but this resurrected version made it become "just another botnet" similar to the hoards there are today sending out spam.

Researchers from Germany claimed two thirds of the new Storm was copy and pasted from the old code but one more individual aspect had been removed.

"What is missing is the original peer-to-peer (P2P) functionality, possibly in response to a tool these researchers developed that could bring down Storm," wrote Dirro.

"Cutting away the P2P functionality focuses the new Storm variants to HTTP communication with their command server."

However, Dirro still warns the botnet is something to keep a close eye on.

"The group running Storm has proven to be very resourceful in the past," he wrote, "and while it's not clear if it is the same group, or another group reusing their code, we will certainly monitor this threat carefully."

Jennifer Scott is a former freelance journalist and currently political reporter for Sky News. She has a varied writing history, having started her career at Dennis Publishing, working in various roles across its business technology titles, including ITPro. Jennifer has specialised in a number of areas over the years and has produced a wealth of content for ITPro, focusing largely on data storage, networking, cloud computing, and telecommunications.

Most recently Jennifer has turned her skills to the political sphere and broadcast journalism, where she has worked for the BBC as a political reporter, before moving to Sky News.

Get the ITPro daily newsletter