Will you be spewing Storm spam at 10am tomorrow morning?

January 30, 2008 Sophos Press Release

IT security and control firm Sophos has identified a trend of spam email traffic peaking in accordance with time zones across the world. Spam emails luring unsuspecting users to infection by the Storm (or Dorf) Trojan accounted for four percent of total email traffic in January, with peaks in traffic occurring three times in any 24 hour period - as computers in Beijing, London and New York come online.

At its most prolific this month, malicious Storm spam accounted for 16 percent, or one in six, of all emails.

Spams related to the Storm worm, also known as Dorf, peak in volume three times a day.
Spams related to the Storm worm, also known as Dorf, peak in volume three times a day.

"The gang controlling the Storm botnet is clearly determined; the spam emails which spread the malware are tailored to grab your attention by referring to timely events such as Valentine's Day or breaking news stories," said Graham Cluley, senior technology consultant at Sophos. "The large number of compromised PCs in Asia, Europe and USA kickstart a new barrage of malicious spam as they are turned on at approximately 10am each morning."

The Storm spam volume peaks as computers in Asia, Europe and USA come online
The Storm spam volume peaks as computers in Asia, Europe and USA come online at 10am in their respective timezones.

In 2007, over 50,000 variants of the Storm Trojan were identified by SophosLabs, and with the hackers spamming out new versions so regularly, it is imperative that all businesses ensure their spam and anti-malware solutions are proactively defended and up to the task of stopping both known and unknown malware before it can wreak havoc.

"Not only do computers need to be protected from this malicious spam, designed to break into their PC and hand control over to financially-motivated hackers, but they also need to be properly defended to make sure that they are not responsible for sending the spam in the first place," continued Cluley. "The entire internet community is suffering because people have not properly defended their PCs from unknowingly contributing to the problem. Storm is an evolving problem for businesses, computer users and service providers around the world, who all need to act now in order to curb its spread."

Last week, Sophos published its Security Threat Report 2008, which included a detailed chronology of Storm's impact and the different disguises it used during the last 12 months.

Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.