
Storm Botnet

What is Storm?:

The Storm bot is a backdoor component that allows remote surreptitious access to infected systems. The Storm-infected computers (collectively, the Storm botnet) are outfitted with a spam relay component (to send spam through infected computers) and a peer networking component (to enable the remote attackers to communicate with the bot-infected computers). The Storm botnet harvests email addresses found on infected computers, delivers a downloader/dropper component to update itself or download additional malware, and often installs a rootkit to hide the presence of the Storm malware.

What is a Botnet?:

A botnet is a collection of compromised (infected) computers under the collective control of remote attackers. The malware on the infected computer is known as a bot, a type of backdoor or remote access trojan (RAT). Bots communicate with botnet command and control (C&C) servers, enabling the remote attacker to update existing infections, push new malware, or instruct the infected computer to carry out specific tasks. In general, the presence of the bot gives the remote attacker the same abilities as the legitimate logged-in user.

More About Storm:

The Storm family first appeared in mid-2006, but earned its nickname in January 2007 when a batch of the spammed malicious email used the subject line: "". This coincided with a very real storm in Europe in which some deaths were actually reported. The timing of the two lent legitimacy to the Trojaned email, gaining it both more victims and the nickname "Storm worm".

The Storm family of Trojans may be detected by antivirus software using a variety of different names.

As an example, the notorious January variant that earned it the nickname "Storm worm" was detected by antivirus vendors as Trojan-Downloader.Win32.Small.dam, Trojan.Downloader-647, Trojan.DL.Tibs.Gen!Pac13, Email-Worm.Win32.Zhelatin.a (Kaspersky), Downloader-BAI (McAfee), Troj/Dorf-Fam (Sophos), Trojan.Peacomm (Symantec), TROJ_SMALL.EDW (Trend Micro), Win32/Nuwar.N@MM (Microsoft).

Though detection names may vary greatly, the most commonly used names today include Storm, Zhelatin, Peacomm, and Nuwar. The download component is often detected as either a Small or Agent Trojan.
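The name variation described above matters when triaging antivirus alerts from several vendors at once. The following Python sketch is an added example, not part of the original article: the alias sets use only names listed in this article, and the host names and alert list are constructed sample data.

```python
import re
from collections import defaultdict

# Family names the article lists as most commonly used, plus two vendor
# family tokens (Dorf, Tibs) from its list of names for the January 2007 variant.
FAMILY_TOKENS = {"storm", "zhelatin", "peacomm", "nuwar", "dorf", "tibs"}
# Generic labels the article says the download component often receives.
# On their own they do not identify Storm, so they only flag a host for review.
GENERIC_TOKENS = {"small", "agent"}

def classify(label):
    """Return 'family', 'generic' or 'unknown' for one AV detection name."""
    # Split on vendor punctuation (., /, -, _, !, @) and compare whole tokens,
    # so a family name is never matched as a substring of another word.
    tokens = {t.lower() for t in re.split(r"[^A-Za-z0-9]+", label) if t}
    if tokens & FAMILY_TOKENS:
        return "family"
    if tokens & GENERIC_TOKENS:
        return "generic"
    return "unknown"

def triage(alerts):
    """Group (host, label) alerts; a host's verdict is its strongest match."""
    rank = {"unknown": 0, "generic": 1, "family": 2}
    verdict = defaultdict(lambda: "unknown")
    for host, label in alerts:
        result = classify(label)
        if rank[result] > rank[verdict[host]]:
            verdict[host] = result
    return dict(verdict)

# Constructed sample alerts; the labels are detection names quoted in the article.
SAMPLE_ALERTS = [
    ("ws-01", "Trojan-Downloader.Win32.Small.dam"),
    ("ws-01", "Email-Worm.Win32.Zhelatin.a"),
    ("ws-02", "TROJ_SMALL.EDW"),
    ("ws-03", "Downloader-BAI"),   # carries no family token, so label matching misses it
    ("ws-04", "Win32/Nuwar.N@MM"),
]

if __name__ == "__main__":
    for host, verdict in sorted(triage(SAMPLE_ALERTS).items()):
        print(host, verdict)
```

A label such as Downloader-BAI shows the limit of name matching: it has no family token, so it needs correlation with other evidence rather than the label alone.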

Storm is no longer considered an active botnet; many believe Storm was simply upgraded to the botnet now known as the Waledac botnet.