ABSTRACT
Storm Worm is a prolific web-spread Trojan virus that infects computers and turns them into nodes (called bots) of a botnet. The bots then can be used to distribute spam messages, launch DOS attacks, host phishing web sites, etc. This paper investigated Storm Worm bots that were used to propagate the virus during a four-month period of time. We found certain network blocks, because of their vulnerability, were more likely to contain Storm Worm bots.
- Collins, M. P., Shimeall, T. J., Faber, S., Janies, J., Weaver, R., Shon. M. and Kadane, J. B. Using uncleanliness to predict future botnet addresses. In Proceedings of the 7th ACM SIGCOMM conference on Internet measurement. Oct. 2007, San Diego, CA. 93--104. Google ScholarDigital Library
- Garretson, C. Storm: the largest botnet in the world? Network World. Sept. 28, 2007. http://www.networkworld.com/news/2007/092707-storm-largest-botnet.htmlGoogle Scholar
- Grizzard, J., Sharma, V. and Dagon, D. Peer-to-peer botnets: overview and case study. HotBots '07: Workshop on Hot Topics in Understanding Botnets. Apr. 2007, Cambridge, MA. Google ScholarDigital Library
- Krebs, B. Just how bad is the Storm Worm? The Washington Post, October 2007. http://blog.washingtonpost.com/securityfix/2007/10/the_storm_worm_maelstrom_or_te.htmlGoogle Scholar
- McMillan, R. Storm Worm spews out 15 million pump-and dump messages. Computer World UK. Oct. 31, 2007. http://www.computerworlduk.com/management/security/cybercrime/news/index.cfm?newsid=5943Google Scholar
- O'Donnell, A. The evolutionary microcosm of stock spam. Security & Privacy Magazine, IEEE. 5, 1 (Jan.-Feb. 2007). 70--75. Google ScholarDigital Library
- Ono, K., Kawaishi, I. and Kamon, T. Trend of botnet activities. In Proceedings of the 41st Annual IEEE International Carnahan Conference on Security Technology. Oct. 2007, Ottawa, Canada. 243--249.Google ScholarCross Ref
- Symantec. Trojan.peacomm. Jan. 19, 2007. http://www.symantec.com/security_response/writeup.jsp?do cid=2007-011917-1403-99Google Scholar
- Web Security Labs. Storm worm chronology. Sept. 26, 2007. http://www.websense.com/securitylabs/blog/blog.php?BlogID=14Google Scholar
Index Terms
- Detection of networks blocks used by the Storm Worm botnet
Recommendations
Mining spam email to identify common origins for forensic application
SAC '08: Proceedings of the 2008 ACM symposium on Applied computingIn recent years, spam email has become a major tool for criminals to conduct illegal business on the Internet. Therefore, in this paper we describe a new research approach that uses data mining techniques to study spam emails with the focus on law ...
A Survey of Botnet and Botnet Detection
SECURWARE '09: Proceedings of the 2009 Third International Conference on Emerging Security Information, Systems and TechnologiesAmong the various forms of malware, botnets are emerging as the most serious threat against cyber-security as they provide a distributed platform for several illegal activities such as launching distributed denial of service attacks against critical ...
Honeypot detection in advanced botnet attacks
Botnets have become one of the major attacks in the internet today due to their illicit profitable financial gain. Meanwhile, honeypots have been successfully deployed in many computer security defence systems. Since honeypots set up by security ...
Comments