Holiday infections from Christmas to New Year’s led to the Storm botnet increasing by more than 200 percent.
Storm Botnet Triples In Size
Social engineering proved to be the key: Trend Micro researcher Paul Ferguson learned to his astonishment that people keep clicking on things they shouldn’t, like fake e-greeting cards.
“Users keep on allowing themselves to fall prey to these tactics,” Ferguson said of the social engineering. “And people keep on clicking on them. Why should cyber criminals try harder when there is so much ‘low hanging fruit’?”
The rise in Storm compromises drew the notice of the maintainers of the German Honeynet Project. They noted a jump in the spam being pumped out by the Storm botnet, with Christmas and New Year’s messages hitting inboxes by the thousands.
“For now, the botnet has peaked at about 40 thousand infected machines being online at a time,” Thorsten Holz wrote at the Honeynet blog.
We know the problem, but implementing a solution might be a tougher challenge. Since Storm traffic can be identified, should Internet service providers be responsible for shutting off access for compromised customers until they clean their PCs?
New computers come with trial versions of for-pay antivirus software. We have to guess that a lot of these trials are expiring and not being renewed with a paid subscription. Should there be a law requiring ISPs to provide AV software as part of a customer’s contract for Net access?
Imagine the security vendor competition for that initiative, were it to come to pass. Of course, that would only take care of the Storm botnet machines in the US. It would be a good start, but not an encompassing solution.