Great article by Ian Grant in Computer Weekly on Storm's return. It's a great example of self-replication in action.
After months of relative dormancy, traffic generated by the Storm botnet ramped up just before Valentine's Day to peak at between 4% and 5% of internet traffic, said researchers at e-mail hosting service MessageLabs and security supplier Kaspersky Labs.
Decentralized command and control eliminates vulnerable nodes:
Each infected PC carries the entire Storm malcode. This means there is no central "mothership" to detect and keep off the internet. Once the botnet is set up, the owners can seed infected PCs with a malcode program to capture keystrokes, copy, transmit or delete files.
Given that most personal anti-virus software is now ineffective (computer crime tinkering networks are moving faster than corporate security efforts), this was inevitable:
Storm's success rate has been remarkable: around one in three messages resulted in an infection, making it attractive to criminals.
Business platforms for online crime (makes open source crime more effective):
Several researchers suggested this Valentine's Day was the first example of botnets being hired by criminals on a large scale. In effect, Storm is becoming the virtual internet service provider for the criminal class, they say.
Almost all the Storm traffic comes from as many as a million home PCs connected to broadband networks, researchers said. The chances of cleansing them all are remote. That means Storm may have become pervasive, said Mark Murtagh, technical director of Websense.