Goodbye Storm?

The former king of spam, and perhaps the most discussed and studied botnet ever, seems to have gone away.  Spam originating from the Storm botnet suddenly dried up in mid-September. Since that time we have not detected a single Storm spam in our traps.

The folks at sudosecure.net have also noticed the Storm subsidence, observing that surviving storm bot peers still communicate with each other, but that certain Storm hosts simply answer with "Go away, we're not home".

At its peak in mid 2007, we estimated Storm was responsible for some 20% of all spam .  Storm’s spam attacks were high profile and distinctive.  Its peer-to-peer communication model was revolutionary and it was quick to use the fast flux – rapidly changing DNS - to hide its hosts.    However, following all the attention, and the targeting of Storm by Microsoft with its Malicious Software Removal Tool in September 2007 where some 280,000 PCs were cleaned in one hit, Storm became a much less effective beast.  

So is this the end of Storm?  Certainly, as a spam generator it has been a minor player for the best part of a year now, with other botnets namely Srizbi, Rustock, Pushdo, and Mega-D taking over as the spam heavies.   Perhaps Storm is now obsolete, having been supplanted by a better botnet.  Or maybe Storm’s owners are sitting back, avoiding attention and redesigning aspects of their creation.  Only time will tell.