While researchers have disagreed as to the size and importance of the Kraken botnet, the malicious software has compromised roughly the same number of computers as a more famous bot program, Storm, Microsoft's security response team stated last week in a blog post.
Early data from Microsoft's Malicious Software Removal Tool indicates that the Kraken botnet, which the company refers to as Oderoor, reached about 80 percent of the size of the Storm botnet, the team stated. In the first week following the inclusion of Kraken into its Malicious Software Removal Tool, Microsoft detected nearly 464,000 instances of the program and cleaned 254,000 machines. For the Storm Worm, which Microsoft refers to as Nuwar, the company detected 537,000 copies and deleted the program from nearly 320,000 machines in its first week.
"So was that Kraken botnet all it was Kraked up to be? I think yes," the Microsoft team stated. "This botnet received a lot less hype than Nuwar's (Storm's) network, but achieved pretty high infection numbers."
The Storm Worm -- a misnomer as the program does not spread on its own -- caught the attention of antivirus researchers more than a year ago and, due to ongoing development efforts by its authors, has continued to effectively spread. The bot software originally attempted to overwhelm antivirus software by creating thousands of variants so that virus analysts would be swamped. Later versions married the software to spam networks to more effectively find victims. The software authors have also built in a component that can attack back at investigators who attempt to find infected computers.
Microsoft's inclusion of the Storm Worm into its Malicious Software Removal Tool led to a dramatic decline in the number detected among the 500 million machines that regularly use Windows Update, the software giant has said.
Kraken, or Oderoor as Microsoft calls the bot software, was the fourth most detected malware, according to the software giant.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos