
Storm Worm Study


I have just completed a web page where I present my work on the Storm Worm. I built a crawler on the Overnet P2P network, and some of the outcomes I am getting are presented on this website.

http://planete.inrialpes.fr/~perito/

I hope you enjoy it!

Your numbers

Hi Dan, good to see your work. Can you talk a little bit more about which Storm network you are crawling and how you differentiate between Storm and legit clients like MLDonkey? Your numbers roughly jive with the number of Storm infections I see on the public Overnet network so I'm curious how you can tell Storm from MLDonkey.

My crawler numbers suggest there are many more infections on the encrypted Overnet network.

I do see a crawler on the encrypted Overnet network from France. The whois information is:

Reseau de l'Unite de Recherche Rhone-Alpes de l'INRIA

It is using OID 7A9FE8FC8B637E9B3022B0F6D0DFD72F. Is that your crawler?

I look forward to seeing future papers on your data and methodology.

Brandon

Explanation

Hi Brandon,

I guess further explanations are due, since the page is not very clear as it is.
I am actually crawling the encrypted network using the only key that I have encountered so far:

\xf3\xaa\x58\x0e\x78\xde\x9b\x37\x15\x74\x2c\x8f\xb3\x41\xc5\x50\x33\x7a\x63\x3d\xe6\x13\xdf\x6c\x46\xca\xbe\x9a\x77\x48\x94\x02\xc0\xf3\x66\x49\xee\x87\x21\xbb

I'd like to talk with you regarding my methodology and data.

My email address is dan.perito@gmail.com; contact me there and I'll give you all the information.

Daniele