Not to be confused with the unrelated Eggdrop bot script "stormbot.tcl.".
For more details on the worm, see Storm Worm.
This article's factual accuracy may be compromised due to out-of-date information. Please help update this article to reflect recent events or newly available information.(November 2010)
The typical lifecycle of spam that originates from a botnet: (1) Spammer's web site (2) Spammer (3) Spamware (4) Infected computers (5) Virus or trojan (6) Mail servers (7) Users (8) Web traffic
Common name
Storm Botnet
Technical name
As Dorf
Mal/Dorf-[Letter] (Sophos)
Trojan.Win32.Dorf.[Letter] (v) (Sunbelt Software)
As Ecard
Trojan:Win32/ECardViewer (Microsoft)
Aliases
Dorf, Ecard
Point of origin
Russia
Author(s)
Russian Business Network (speculated)
Operating system(s) affected
Windows 95, Windows 98, Windows ME, Windows XP
Preview warning: Page using Template:Infobox computer virus with unknown parameter "1 = 300px"
Preview warning: Page using Template:Infobox computer virus with unknown parameter "2 = right"
Preview warning: Page using Template:Infobox computer virus with unknown parameter "3 = thumb"
Preview warning: Page using Template:Infobox computer virus with unknown parameter "4 = The typical lifecycle of ..."
The Storm botnet or Storm worm botnet (also known as Dorf botnet and Ecard malware[1]) was a remotely controlled network of "zombie" computers (or "botnet") that had been linked by the Storm Worm, a Trojan horse spread through e-mail spam. At its height in September 2007, the Storm botnet was running on anywhere from 1 million to 50 million computer systems,[2][3] and accounted for 8% of all malware on Microsoft Windows computers.[4] It was first identified around January 2007, having been distributed by email with subjects such as "230 dead as storm batters Europe," giving it its well-known name. The botnet began to decline in late 2007, and by mid-2008 had been reduced to infecting about 85,000 computers, far less than it had infected a year earlier.[5]
As of December 2012, the original creators of Storm have not been found. The Storm botnet has displayed defensive behaviors that indicated that its controllers were actively protecting the botnet against attempts at tracking and disabling it, by specifically attacking the online operations of some security vendors and researchers who had attempted to investigate it.[6] Security expert Joe Stewart revealed that in late 2007, the operators of the botnet began to further decentralize their operations, in possible plans to sell portions of the Storm botnet to other operators. It was reportedly powerful enough to force entire countries off the Internet, and was estimated to be capable of executing more instructions per second than some of the world's top supercomputers.[7] The United States Federal Bureau of Investigation considered the botnet a major risk to increased bank fraud, identity theft, and other cybercrimes.[8][9]
^"Storm Worm's virulence may change tactics". British Computer Society. August 2, 2007. Archived from the original on October 12, 2007. Retrieved 2007-10-10.
^Dvorsky, George (September 24, 2007). "Storm Botnet storms the Net". Institute for Ethics and Emerging Technologies. Retrieved 2007-10-10.
^Keizer, Gregg (9 April 2008). "Top botnets control 1M hijacked computers". Computer World. Retrieved 24 December 2012.
^Leyden, John (September 25, 2007). "Storm Worm retaliates against security researchers". The Register. Retrieved 2007-10-25.
^Fisher, Dennis (2007-10-22). "Experts predict Storm Trojan's reign to continue". Search Security. Archived from the original on 2007-12-17. Retrieved 2007-12-26.
^Coca, Rick (2007-12-18). "FBI: 'Botnets' threaten online security". Inside Bay Area. Retrieved 2007-12-27.
Stormbotnet or Storm worm botnet (also known as Dorf botnet and Ecard malware) was a remotely controlled network of "zombie" computers (or "botnet")...
A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS)...
into a botnet. While most botnets are controlled through a central server, which if found can be taken down to destroy the botnet, the Storm Worm seeds...
DHTs include BitTorrent's distributed tracker, the Kad network, the Stormbotnet, the Tox instant messenger, Freenet, the YaCy search engine, and the...
highly publicized Stormbotnet only manages to reach around 20% of the total number of spam sent during its peak periods. The Srizbi botnet showed a relative...
400,000 infected machines. This was more than twice the size of the Stormbotnet, which was previously considered to be the largest zombie network. Prevalence...
over 35,000 computers owned by Saudi Aramco. Storm Worm - A Windows trojan horse that forms the Stormbotnet Stuxnet First destructive ICS-targeting Trojan...
17: Storm Worm identified as a fast-spreading email spamming threat to Microsoft systems. It begins gathering infected computers into the Stormbotnet. By...
The Rustock botnet was a botnet that operated from around 2006 until March 2011. It consisted of computers running Microsoft Windows, and was capable...
Stormbotnet. On 2 March 2010, Spanish investigators arrested three men suspected of infecting over 13 million computers around the world. The botnet...
PHP-based malware kit MPack and an alleged operator of the now defunct Stormbotnet. The RBN, which is notorious for its hosting of illegal and dubious businesses...
professionals that Kuvayev may be involved in the operation and control of the Stormbotnet. As of 1 June 2011, Kuvayev has confessed to sex crimes, sexually molesting...
pharmaceutical spam and one in 200,000 for infection sites as used by the Stormbotnet. The authors of the study calculating those conversion rates noted, "After...
of either the Storm or Waledac botnet, due to similarities in the modus operandi and source code of the bot, but analysis of the botnet showed it was...
warfare Psychological warfare Public affairs (military) Public relations Stormbotnet Transparency Group specific: Chinese information operations and information...
dictionary attacks on administrator passwords to propagate while forming a botnet, and has been unusually difficult to counter because of its combined use...
In January, 2008, 8% of all e-mail spam was sent by the Stormbotnet, created by the Storm Worm, first released in January, 2007. It is estimated that...
November 2013. Storm, Darlene (2 June 2014). "Wham bam: Global Operation Tovar whacks CryptoLocker ransomware & GameOver Zeus botnet". Computerworld...
widely documented that the Emotet authors have used the malware to create a botnet of infected computers to which they sell access in an Infrastructure-as-a-Service...
ever-changing network of compromised hosts acting as reverse proxies to the backend botnet master—a bulletproof autonomous system. It can also refer to the combination...
enforcement agencies from multiple countries against the Gameover ZeuS botnet, which was believed by the investigators to have been used in bank fraud...