(((They used to be some of the tightest malware coders in the business, but nowadays they're getting sloppy. They're rentiers; all they have to do is clip coupons from the income, then come in on holidays to juice-up the social-engineering messages.)))
(((They're the ISP for black globalization.)))
Link: Storm botnet takes advantage of Valentine's Day | 21 Feb 2008 | ComputerWeekly.com.
Several researchers suggested this Valentine's Day was the first example of botnets being hired by criminals on a large scale. In effect, Storm is becoming the virtual internet service provider for the criminal class, they say. (...)
Graham Cluley, senior technology consultant at Sophos, an IT security company, said Storm's owners are now showing less care in coding, despite the huge number of variations they have brought out. This was a symptom of Storm's maturity as a product. "It is almost as if they always have another version in the pipeline. It is now about driving cost down and getting the job done," he said.
Cluley said what distinguished Storm was the "ferocity" with which its developers have combined different techniques to make Storm a means to make money. They do this by renting it to criminals who sell pornography or counterfeit products, extort money from banks and gambling companies whose website they block, and who steal personal details to commit fraud, among others.
Almost all the Storm traffic comes from as many as a million home PCs connected to broadband networks, researchers said. The chances of cleansing them all are remote. That means Storm may have become pervasive, said Mark Murtagh, technical director of Websense. (((Especially since other estimates of Storm have ranked it as high as 50 million.)))
Its pervasiveness, its persistence, its technology and its management make Storm impossible to defeat purely with technology, researchers say. Because Storm depends on people clicking to connect to an insecure website, users will have to stop doing that, and law enforcement and police have to trace and arrest the Storm gang, they say.
But there is no globally enforceable legal injunction against developing products such as Storm, Murtagh said. "We have to hope that the criminals break some other law connected to pornography, paedophilia, counterfeiting or gambling so that the police can act." (((Oh what hokum. This is like expecting to bust Don Corleone for reading PLAYBOY.)))
Researchers note that Storm's owners "have a life" outside computers. All Storm attacks to date have related to social events such as Valentine's Day, New Year, and news. "The Olympics promises to be huge (for Storm)," said Hubbard. Then there's Easter, the US election, and ad hoc news events....