The Storm botnet first appeared in January 2007. It is believed that Storm reached its peak around September 2007 when it could be linked to approximately 20 percent of all spam in circulation. Marshal believes that contribution has slowly dwindled to around 2 percent as of January 20, 2008.
"It is hard to say with any degree of certainty why the Storm botnet has been declining," said Bradley Anstis, Marshal Vice-President of Products. "Just last week we saw a renewed campaign to distribute the Storm malware under the guise of a love letter. It could be surmised that Storm is a victim of its own success. Microsoft has been targeting Storm with its Malicious Software Removal Tool since September last year. They claim that they have cleaned around 200,000 computers per week of the Storm bot since then. If that is accurate, it must be a key reason for the decline of Storm," Anstis explained.
"Unfortunately, the news is not positive. We have been tracking a number of other botnets that have stepped up to replace Storm. Storm is one of five botnets that we have been monitoring that we believe are responsible for approximately 75 percent of all spam in circulation. One particular botnet which heavily promotes a certain brand of male enhancement pills accounts for nearly 30 percent. This one bot has already exceeded Storm's records and it has done it quietly without attracting too much attention. This might signal a new strategy by some of the spam crews to try and draw less attention to themselves through high profile e-mail campaigns," said Anstis.
"It is also possible that the individuals behind the Storm botnet are responsible for one or more of these new botnets. These people are smart and one lesson they may have learnt from Storm is to stay under the radar if they want to remain successful. There is a lot of crossover with the products being promoted by all five of these botnets. This could indicate some sort of connection between them," mentioned Anstis.
