Storm: A long and lasting love...

Filed Under: Malware, SophosLabs, Spam

The outbreak of spam linking to Dorf (Storm) malware is far from over. It started at the beginning of last week, exploiting the Valentine's Day theme, and today it is showing no signs of slowing down. The graph below displays the proportion of this spam in overall email volume received globally.

[Graph: proportion of Dorf (Storm) spam in overall email volume received globally (dorf_week.png)]

Now, what about this cyclical trend during the day? The 3 spikes during each 24-hour period?

To confirm my suspicion, I took a portion of the graph representing a two-day interval and laid it on top of a world map. I also had to flip the graph horizontally to match the sunlight direction and align it to 10 a.m. local time, as this is the time by which most people should have their PCs turned on. The resulting graph brought no surprise.

[Graph: two-day interval of Dorf spam volume laid over a world map (dorf_spam_volume_small1.png)]

As expected, the spikes in spam volume can be easily attributed to infected computers coming online in the most "wired" parts of the world. In this case, the daily volume trend for Storm emails just reflects what we normally see for any "botnet-driven" spam.
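The same alignment can be done numerically instead of by overlaying a graph on a map. The following is an added example, not SophosLabs code or data: it folds an hourly UTC volume series into a 24-hour profile, finds the daily spikes, and reports the UTC offset (and approximate longitude, at 15 degrees per hour) where each spike falls at 10 a.m. local time. The function names, the `min_ratio` threshold and the sample values are assumptions made for illustration.

```python
# Added example. SAMPLE is constructed data, not SophosLabs measurements.
from statistics import mean

ONLINE_HOUR = 10  # local hour the post aligns the graph to

def daily_profile(hourly_utc):
    """Fold whole days of hourly UTC samples into a mean 24-hour profile."""
    if not hourly_utc or len(hourly_utc) % 24:
        raise ValueError("need whole days of hourly samples")
    return [mean(hourly_utc[h::24]) for h in range(24)]

def circular_peaks(profile, min_ratio=1.2):
    """Hours that are strict local maxima on the 24-hour circle and at
    least min_ratio times the daily mean (assumed threshold)."""
    floor = min_ratio * mean(profile)
    return [h for h, v in enumerate(profile)
            if v >= floor and v > profile[h - 1] and v > profile[(h + 1) % 24]]

def offset_for_peak(peak_utc_hour, local_hour=ONLINE_HOUR):
    """UTC offset in [-12, 12) where it is local_hour when UTC is peak_utc_hour."""
    return (local_hour - peak_utc_hour + 12) % 24 - 12

def explain_spikes(hourly_utc):
    """Return (peak UTC hour, UTC offset, approx. longitude) per daily spike."""
    result = []
    for hour in circular_peaks(daily_profile(hourly_utc)):
        offset = offset_for_peak(hour)
        result.append((hour, offset, offset * 15))  # 15 degrees per hour
    return result

# Constructed: percent of mail volume per UTC hour, day 1 then a busier day 2.
DAY = [3.0, 4.5, 6.0, 4.5, 3.0, 2.5, 2.5, 3.5, 5.5, 7.0, 5.5, 4.0,
       3.0, 4.0, 6.0, 8.0, 6.0, 4.0, 3.0, 2.5, 2.0, 2.0, 2.0, 2.5]
SAMPLE = DAY + [round(v * 1.1, 2) for v in DAY]

if __name__ == "__main__":
    for hour, offset, lon in explain_spikes(SAMPLE):
        print(f"spike at {hour:02d}:00 UTC -> 10:00 local at UTC{offset:+d} (~{lon:+d} deg)")
```

Three spikes per day that resolve to three well-separated UTC offsets are what the overlay in the post shows visually; a series with no time-zone structure would yield no peaks above the threshold.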
