Has Storm stopped sending spam?

Researchers find that spam output produced by the once prolific botnet has dwindled to almost nothing in the last month.

Robert Vamosi Former Editor

As CNET's former resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security.

See full bio

Robert Vamosi

Oct. 15, 2008 3:32 p.m. PT

The daily volume of spam produced by the Storm botnet during 2008. Marshall

The creators of the Storm botnet have either ceased sending out spam or have moved on to a newer botnet, security researchers have concluded.

Marshal, a security vendor that specializes in spam protection, on Tuesday noted a marked downturn in the amount of spam attributed to hosts infected with Storm within the last month. For the last few weeks other researchers have also noticed the sharp decline.

"We don't know what happened here, if somebody put the kibosh on them or not," said Jose Nazario, a security researcher for Arbor Networks. "In terms of the number of hosts out there, there are still a lot of hosts--they're just sort of quiet."

Storm started and got its name from an infected e-mail promising information about a large winter storm in Europe in early 2007.

At its peak, in mid-2007, Storm accounted for up to 20 percent of all spam sent. Then, in September 2007, Microsoft included a removal signature in its Malicious Software Removal Tool. Security experts say that update alone removed up to a quarter million infected hosts and greatly diminished Storm's ability to produce large spam campaigns despite a few attempts earlier this year.