Nearly nine months after it was first discovered, the Storm Worm Trojan continues to surge, building what experts believe could be the world's most powerful supercomputer.
The Trojan, which uses a myriad of social engineering lures to trick Windows users into downloading malware, has successfully seeded a massive botnet -- between one million and 10 million CPUs -- producing computing power to rival the world's top 10 supercomputers.
By New Zealand computer scientist Peter Gutmann's calculations, the Storm Worm botnet "may be the first time that a top 10 supercomputer has been controlled not by a government or mega-corporation but by criminals."
The question remains, now that they have the world's most powerful supercomputer system at their disposal, what are they going to do with it?
At current infection rates, Gutmann's concerns are genuine and the relentless nature of the ongoing attacks suggests that the criminal minds behind this botnet are far from satisfied.
Malware researchers tracking the threat are privately awed by the sheer volume of spam carrying social engineering lures that lead to malicious executables. "It's nonstop, never-ending," said a virus analyst at a major computer security firm.
The attackers have tied the spam lures to global news events, links to YouTube videos and online greeting cards. The sophisticated operation includes the use of fast-flux networks to avoid shutdowns, a rootkit component to hide from anti-virus scanners and a P2P command-and-control structure that makes it nearly impossible to kill the controlling server.
The Storm Worm attackers have also hacked into legitimate Web sites and used iFrame redirects to send surfers to Web servers hosting malware downloaders.
Now, according to Finjan security researcher Aviv Raff, the group has started to target tech-savvy computer users.
"Up until now, they've put greeting cards for holidays, and video downloads. Today they've changed their website and put a 'Download Tor' Web page," Raff said in an interview.
The page displays a legitimate-looking download page for the Tor (The Onion Router) network anonymity proxy and a "download now" image that points to a malicious "tor.exe" file.
Raff said the malicious pages are hosting exploits from the MPack crimeware toolkit, which recently added new Internet Explorer and Yahoo Webcam exploits.