Storm botnet blows itself out

Analysis of web-based malware suggests that 36.1 per cent of interceptions in April were new

The Storm botnet decreased to just five per cent of its original size during April, but overall web-based malware levels increased by 23.3 per cent, new monitoring data reveals.

MessageLabs' Intelligence Report for April 2008 said that new malicious software removal tools aimed at removing Storm infections were responsible for the sudden reduction in Storm-infected computers.

The security firm now estimates the botnet at approximately 100,000 compromised computers, down from previous estimates of two million.

This is evidenced by a 57 per cent decrease in malware-laden emails distributed by the Storm botnet during April.

However, analysis of web-based malware suggests that 36.1 per cent of interceptions in April were new, an increase of 23.3 per cent since March.

MessageLabs also identified an average of 1,214 new websites per day harbouring malware and other potentially unwanted programs such as spyware and adware, an increase of 619 compared with the previous month.

"April was a month of unpredictability with the mighty Storm botnet losing all but five per cent of its anonymous army, and web-based malware reaching new levels," said Mark Sunner, chief security analyst at MessageLabs.

"This month we find ourselves fighting the cyber-crime battle on many fronts, with the bad guys using an arsenal of weapons in order to detonate spam, viruses, phishing attacks and targeted Trojans.

"This makes it more important than ever to have a strong security shield in place."

On the cusp of the 30th anniversary of the first spam email, MessageLabs identified a new spamming technique being used to send authenticated spam email via Yahoo's SMTP servers.

The study also revealed that targeted attacks reached new heights last month. MessageLabs intercepted approximately 70 targeted Trojans per day, an increase of 250 per cent on December 2007.

The firm has intercepted 13 Olympics themed attacks over the past six months which use legitimate-sounding email subject titles.

Some attacks purported to be from the International Olympic Committee in Lausanne, but all the attacks but one were sent from an IP address in Asia Pacific.