logo

The Coming Segmented Storm

SecureWorks

The latest Storm variants have a new twist. They now use a 40-byte key to encrypt their Overnet P2P traffic. This means that each node will only be able to communicate with nodes that use the same key.

This effectively allows the Storm author to segment the Storm botnet into smaller networks. This could be a precursor to selling Storm to other spammers, as an end-to-end spam botnet system, complete with fast-flux DNS and hosting capabilities.

If that’s the case, we might see a lot more of Storm in the future.



-Shlok
Sign up for my newsletter.


Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>