Security experts warn of reformed Storm botnet

The Storm botnet may be returning

Security researchers have spotted new variants of the Storm malware within the past few days, suggesting that the botnet's handlers are looking to piece together a new network of infected systems.

Storm first appeared in January 2007, taking its name from the videos of flooding in Europe that were used to lure users into downloading the Trojan installer.

The botnet reigned for nearly two years, and was constantly being re-invented to lure new users with videos based on holidays and current events.

Storm was believed to have been all but eliminated by early 2009, pushed out by newer botnets and increased security efforts. But the new incarnation of the malware carries some key differences to the old infection.

McAfee Labs researcher Toralv Dirro cited work from a group of German researchers which found that the malware had dropped its peer-to-peer communication systems and is using a standard HTTP connection.

"This change basically means that the new botnet is 'just' another botnet among the many thousands active today, with nothing special except the relationship with its notorious predecessor," he wrote in a blog post.

"However, the group running Storm has proven to be very resourceful in the past."