Stormy Weather
A quantitative assessment of the Storm web threat in 2007
  q

Raimund Genes, Anthony Arrott, and David San...
Stormy Weather
  A quantitative assessment of the Storm web threat in 2007



 Storm activity by country of IP source




...
Stormy Weather
  A quantitative assessment of the Storm web threat in 2007



 How does Storm infect computers?
 •       U...
Stormy Weather
  A quantitative assessment of the Storm web threat in 2007



 What does Storm do to make money for its pe...
Stormy Weather
  A quantitative assessment of the Storm web threat in 2007



 How does Storm protect itself from detectio...
Stormy Weather
  A quantitative assessment of the Storm web threat in 2007



 Storm outbreaks in 2007
         – 17 Jan 0...
Stormy Weather
  A quantitative assessment of the Storm web threat in 2007




                  spam




VB2008 - Ottawa ...
Stormy Weather
  A quantitative assessment of the Storm web threat in 2007




                                           ...
Stormy Weather
  A quantitative assessment of the Storm web threat in 2007




                                           ...
Stormy Weather
  A quantitative assessment of the Storm web threat in 2007




VB2008 - Ottawa   October 2008   10        ...
Stormy Weather
  A quantitative assessment of the Storm web threat in 2007




                                           ...
Thank you




VB2008 - Ottawa   October 2008
Upcoming SlideShare
Loading in …5
×

Stormy Weather

557 views

Published on

a quantitative assessment of the Storm web threat in 2007
(presentation slides)

Published in: Technology, News & Politics
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total views
557
On SlideShare
0
From Embeds
0
Number of Embeds
12
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide

Stormy Weather

  1. 1. Stormy Weather A quantitative assessment of the Storm web threat in 2007 q Raimund Genes, Anthony Arrott, and David Sancho Trend Micro VB2008 - Ottawa October 2008
  2. 2. Stormy Weather A quantitative assessment of the Storm web threat in 2007 Storm activity by country of IP source VB2008 - Ottawa October 2008 2 Copyright 2008 - Trend Micro Inc.
  3. 3. Stormy Weather A quantitative assessment of the Storm web threat in 2007 How does Storm infect computers? • Users open executable email attachments (e.g. ‘Full Story.exe’) or • Users visit infected websites (e.g. ‘click_for_full_story’) • Either way, user click results in becoming a remotely-controlled botnet zombie VB2008 - Ottawa October 2008 3 Copyright 2008 - Trend Micro Inc.
  4. 4. Stormy Weather A quantitative assessment of the Storm web threat in 2007 What does Storm do to make money for its perpetrators? • ‘Botnets for rent’ in underground economy • Rented botnets used: – as spam engines – in denial of service attacks • Sell mined zombie data (e.g. address book contents) VB2008 - Ottawa October 2008 4 Copyright 2008 - Trend Micro Inc.
  5. 5. Stormy Weather A quantitative assessment of the Storm web threat in 2007 How does Storm protect itself from detection & removal? • Infects host zombies with rootkits • Provides periodic updates of malware code • Botnets configured – decentralized control – rotating activation – enhanced encryption encr ption – frequent code replacement VB2008 - Ottawa October 2008 5 Copyright 2008 - Trend Micro Inc.
  6. 6. Stormy Weather A quantitative assessment of the Storm web threat in 2007 Storm outbreaks in 2007 – 17 Jan 07 – “European Storm” Spam – 12 Apr 07 – “Worm Alert” Spam – 27 Jun 07 – “E-card” (applet.exe) – 4 July 07 – “231st B-day” – 2 Sep 07 – “Labor Day” (labor.exe) – 5 Sep 07 – “Tor Proxy” Tor Proxy – 10 Sep 07 – “NFL Tracker” – 17 S 07 – “A d G Sep “Arcade Games” ” Adopted from: Porras Saidi & Yagneswaran Porras, VB2008 - Ottawa October 2008 6 Copyright 2008 - Trend Micro Inc.
  7. 7. Stormy Weather A quantitative assessment of the Storm web threat in 2007 spam VB2008 - Ottawa October 2008 7 Copyright 2008 - Trend Micro Inc.
  8. 8. Stormy Weather A quantitative assessment of the Storm web threat in 2007 source: Trend Micro VB2008 - Ottawa October 2008 8 Copyright 2008 - Trend Micro Inc.
  9. 9. Stormy Weather A quantitative assessment of the Storm web threat in 2007 spam volume VB2008 - Ottawa October 2008 9 Copyright 2008 - Trend Micro Inc.
  10. 10. Stormy Weather A quantitative assessment of the Storm web threat in 2007 VB2008 - Ottawa October 2008 10 Copyright 2008 - Trend Micro Inc.
  11. 11. Stormy Weather A quantitative assessment of the Storm web threat in 2007 ? VB2008 - Ottawa October 2008 11 Copyright 2008 - Trend Micro Inc.
  12. 12. Thank you VB2008 - Ottawa October 2008

×