Re: 2007 Year-End Growth of More Than 200% for The Storm Botnet

["Dude VanWinkle" <dudevanwinkle () gmail com>]

On Jan 3, 2008 5:57 PM, Paul Ferguson <fergdawg () netzero net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Thorsten Holz writes on the Honeyblog:
>
> [snip]
> As you can see, the first days before Christmas the size of the botnet was
> around 5-14 thousand infected machines. However, just around Christmas the
> size grows again due to successful infections and new victims which fell
> for the social engineering mails. For now, the botnet has peaked at about
> 40 thousand infected machines being online at a time.
>
> Moreover, the picture also shows a clear diurnal pattern: many infected
> host are located in the US and these machines are turned off during the
> night, leading to fewer online machines within the botnet.

Also, over the Winter Break, College students will turn off their
computer for 10 or so days, starting at just before X-Mas and leading
up to just after NYE..

> [snip]
>
> More here:
> http://honeyblog.org/archives/156-Measuring-the-Success-Rate-of-Storm-Worm.
> html
>
> Storm really is the Energizer Bunny of botnets. ;-)

Well at least you can track Storm. If the infections are Nugache, you
would have to wait a few months in hope of everyone checking in order
to attempt to get an accurate number, which you still wouldn't get..

-JP
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.