"Last month, Ren-Isac, a collaboration of higher-education security researchers, sent out a warning that the Storm worm authors had another trick up their sleeves. The botnet actually is attacking computers that are trying to weed it out. It's set up to launch a distributed denial-of-service attack against any computer that is scanning a network for vulnerabilities or malware.
The warning noted that researchers have seen "numerous" Storm-related DoS attacks recently. MessageLabs' Sergeant said the botnet also has been launching DoS attacks against anti-spam organizations and even individual researchers who have been investigating it. (((They're ego-surfing, then whacking grown-ups they spot on Google.)))
"If a researcher is repeatedly trying to pull down the malware to examine it the botnet knows you're a researcher and launches an attack against you," he said.
Lawrence Baldwin, chief forensic officer of MyNetWatchman.com, said he doesn't have a handle on how big the overall botnet has become but he's calculated that 5,000 to 6,000 computers are being used just to host the malicious Web sites that the Storm worm spam e-mails are linking users to. (((Could be yours, PC-user!)))
And he added that while the now-well-known e-cards and fake news spam is being used to build up the already massive botnet, the authors are using pump-and-dump scams to make money. "That's pretty scary," he said. "Cumulatively, Storm is sending billions of messages a day. It could be double digits in the billions, easily."
