NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0313 Storm Worm Botnet Huge:
September statistics from Microsoft's MSRT (Malicious Software Removal Tool) suggest that the
Storm Worm botnet is comparable to the world's most powerful supercomputer, according to a press
report citing security experts. The tool - which is updated monthly on Patch Tuesday - removed
malware associated with Storm Worm from 274,372 machines in the first week after September 11, 2007.
In all, the tool scanned more than 2.6 million Windows machines. These numbers, released by
Microsoft anti-virus guru Jimmy Kuo, put the size of the botnet Storm Worm has commandeered at
between 1 million and 10 million Windows machines around the world.
The MSRT targets only very specific known malware (it only finds exactly what it is looking
for) and attackers constantly tweak malware files to get around detection. In addition, it is
only delivered to Windows machines that have automatic updates turned on, so there are likely
many hijacked machines that never get a copy of the MSRT. Still, Kuo assesses that the
September version of MSRT made a dent in the massive botnet.
Another malware researcher presented data that showed MSRT knocked out about one-fifth of Storm's
denial-of-service (DoS) capability on 11 September. Unfortunately, that data did not show a
continued decrease after the first day. Immediately following the release of MSRT, the criminals
behind Storm released a newer version of their software to evade MSRT.
Kuo confirmed that he expects the botnet to slowly regain its strength once cleaned machines
become reinfected because those machines are likely unpatched and not equipped with any security
software.
(ZDNet.com 24OCT07)