Storm Worm Visualization

Thursday, November 29. 2007
In the past few days, Storm has been rather calm - most mails sent by this botnet were related to stock spam. Furthermore, the websites that host the actual malware sample currently do not have any content: they serve the usual file (sony.exe), but no HTML page is returned by the server.

Back in October, I created an ipmap of the Storm network, a 2D visualization of IP address space similar to the map of the Internet:



Each white dot depicts a /24 network in which at least one IP address is infected with Storm Worm. The picture shows that the distribution of the malware is scattered, with some netblocks clearly dominating. These netblocks are usually dial-up networks from the US.
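
The sketch below is an added example, not the code behind the ipmap above. It shows one way to turn a list of infected addresses into such a map: collapse the addresses to /24 networks and place each network on a 4096 x 4096 grid. The Hilbert-curve layout is an assumption (the post does not say which layout was used), and the function names and sample addresses (documentation and benchmarking ranges) are constructed for illustration.

```python
import ipaddress
from collections import Counter

ORDER = 12  # 2**24 possible /24 networks fill a 4096 x 4096 grid

def d2xy(order, d):
    """Convert position d on a Hilbert curve to (x, y) on a 2**order grid."""
    x = y = 0
    s = 1
    while s < (1 << order):
        rx = 1 & (d // 2)
        ry = 1 & (d ^ rx)
        if ry == 0:  # rotate/flip the quadrant so the curve stays continuous
            if rx == 1:
                x, y = s - 1 - x, s - 1 - y
            x, y = y, x
        x += s * rx
        y += s * ry
        d //= 4
        s *= 2
    return x, y

def slash24_index(ip):
    """Top 24 bits of an IPv4 address, i.e. the number of its /24 network."""
    return int(ipaddress.IPv4Address(ip)) >> 8

def infected_pixels(ips):
    """One pixel per /24 with at least one infected host: {(x, y): hosts}."""
    per_net = Counter(slash24_index(ip) for ip in set(ips))
    return {d2xy(ORDER, net): hosts for net, hosts in per_net.items()}

def top_slash8(ips, n=3):
    """Rank /8 blocks by how many infected /24 networks they contain."""
    nets = {slash24_index(ip) for ip in ips}
    return Counter(net >> 16 for net in nets).most_common(n)

# Constructed sample input; a real run would read the observed bot addresses.
SAMPLE_IPS = [
    "192.0.2.10", "192.0.2.77", "198.51.100.5", "198.18.0.9",
    "198.18.1.200", "198.19.44.3", "203.0.113.1",
]

if __name__ == "__main__":
    for (x, y), hosts in sorted(infected_pixels(SAMPLE_IPS).items()):
        print(f"pixel ({x:4d}, {y:4d})  infected hosts in /24: {hosts}")
    print("dominating /8 blocks:", top_slash8(SAMPLE_IPS))
```

Because consecutive positions on the curve are always neighbouring pixels, numerically adjacent networks end up next to each other, which is what makes a dominating netblock show up as a dense patch rather than as scattered dots.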