Thursday, January 03, 2008

A 2007 Year-End Growth of More Than 200% for The Storm Botnet


Thorsten Holz writes on the Honeyblog:

The picture illustrates the success rate of the botnet: The x-axis shows the date, starting a few days before Christmas and ending today. The y-axis represents the number of infected machines within Stormnet, the "encrypted" part of the botnet in which the actual communication is XORed with a 40 byte key.

As you can see, the first days before Christmas the size of the botnet was around 5-14 thousand infected machines. However, just around Christmas the size grows again due to successful infections and new victims which fell for the social engineering mails. For now, the botnet has peaked at about 40 thousand infected machines being online at a time.


Moreover, the picture also shows a clear diurnal pattern: many infected host are located in the US and these machines are turned off during the night, leading to fewer online machines within the botnet.



More here.

Image source: Moritz Steiner, Honeyblog.org

0 Comments:

Post a Comment

<< Home