Storm Worm sent 15 Million Pump-and-Dump emails in October alone

Storm Worm Alert In August, the return of the potentially dangerous Storm Worm created quite a nuisance on the Internet. Now, anti-spam vendor MessageLabs has reported that the Storm Worm Botnet network has successfully managed to send our over 15 million of those annoying audio spam messages in October 2007.

The Storm messages are given misleading subject lines such as beatles.mp3 and Britney.mp3, they are potentially harmful as they contain worm baits when people open these messages.

Those who open the attachment then unknowingly become a part of a Botnet, which is a collection of compromised computers running programmes having worms under a common command for nefarious purposes.

Experts in India have said that the Storm Virus has been infecting millions of computers. However, it really does not cause any serious damage. But, since the virus is gathering strength, experts are considering it to be a serious threat.

The experts have also expressed their concern citing that in the future the Storm Worm Botnet could serve as an army of commandeered computers to be used by attackers without their owners’ knowledge for a large-scale global attack.

An expert said that the Storm Worm traveled through spam and was showing no signs of slowing down.

“It hasn’t attacked till now. Yet, it is a disturbing trend. It continues to propagate and therefore grow in strength. This poses a serious threat because it may be preparing for a big attack during the festive season. Hackers could wreak serious damage if they unleash a denial-of-service attack with it. What’s worse, you can’t counter the attack by simply blocking a single server because its origin is distributed globally,” the expert said.

This kind of scam, called “pump and dump”, tries to nudge up a price of penny stocks by a cent or two, giving spammers a way to make a quick buck by selling the stock before it crashes.

Spam watchers say that pump-and-dump schemes are the hottest and most lucrative area for spammers today.

The spam run began on Oct. 17, and lasted about 36 hours, using infected computers in the Storm Worm network to send out the mails, MessageLabs said in a statement.

The spam sounded strange and warbly because the voice in the message was “synthesized using a very low compression rate of 16KHz to keep the overall file size small, at around 50KB, to avoid detection,” the company said.