30 January 2008
Will you be spewing Storm spam at 10am tomorrow morning?
Research reveals the daily rise and fall of Storm botnet, as malware attack accounts for one in 25 of all emails
IT security and control firm Sophos has identified a trend of spam email traffic peaking in accordance with time zones across the world. Spam emails luring unsuspecting users to infection by the Storm (or Dorf) Trojan accounted for four percent of total email traffic in January, with peaks in traffic occurring three times in any 24-hour period, as computers in Beijing, London and New York come online.
At its most prolific this month, malicious Storm spam accounted for 16 percent, or one in six, of all emails.
Spams related to the Storm worm, also known as Dorf, peak in volume three times a day.
"The gang controlling the Storm botnet is clearly determined; the spam emails which spread the malware are tailored to grab your attention by referring to timely events such as Valentine's Day or breaking news stories," said Graham Cluley, senior technology consultant at Sophos. "The large number of compromised PCs in Asia, Europe and USA kickstart a new barrage of malicious spam as they are turned on at approximately 10am each morning."
The Storm spam volume peaks as computers in Asia, Europe and USA come online at 10am in their respective timezones.
In 2007, over 50,000 variants of the Storm Trojan were identified by SophosLabs, and with the hackers spamming out new versions so regularly, it is imperative that all businesses ensure their spam and anti-malware solutions are proactively defended and up to the task of stopping both known and unknown malware before it can wreak havoc.
"Not only do computers need to be protected from this malicious spam, designed to break into their PC and hand control over to financially-motivated hackers, but they also need to be properly defended to make sure that they are not responsible for sending the spam in the first place," continued Cluley. "The entire internet community is suffering because people have not properly defended their PCs from unknowingly contributing to the problem. Storm is an evolving problem for businesses, computer users and service providers around the world, who all need to act now in order to curb its spread."
Last week, Sophos published its Security Threat Report 2008, which included a detailed chronology of Storm's impact and the different disguises it used during the last 12 months.
- Read more about Sophos's research into how the Storm spam-runs follow the sun on the SophosLabs blog
- Download "Sophos Security Threat Report 2008"
Sophos recommends companies protect themselves with a consolidated solution which can control network access and defend against the threats of spam, hackers, spyware and viruses.
About Sophos
More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing security and data protection solutions that are simple to manage, deploy and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, and network access control solutions backed by SophosLabs - a global network of threat intelligence centers. With more than two decades of experience, Sophos is regarded as a leader in security and data protection by top analyst firms and has received many industry awards.
Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.

