Storm Worm starts phishing

Denial-of-service botnet is now being used to send out emails targeting online banking customers

Phishing is a new route for the Storm botnet

The infamous Storm Worm botnet – one of the largest ever to have existed – has turned its attentions to phishing.

Previously used for denial-of-service attacks and artificially inflating stock prices, the network of zombie computers is now being used to send out emails to Barclays customers aiming to steal customer details.

The development is a new stage in the Storm Worm's evolution, according to a report by security software supplier Fortinet.

"Its involvement in bank phishing marks a milestone in Storm's evolution: while spam is an annoyance, phishing is a threat that typically aims to siphon targeted end-users bank accounts," says the report.

The storm botnet is now a year old, having hidden in e-mail attachments with the subject line "230 dead as storm batters Europe."

Different security vendors estimate the botnet consists of between one million and fifty million people worldwide.

Some security vendors are wary of examining the botnet too closely after IBM researchers reported being hit with a denial of service attacks after attempts to find out which machines were controlling the network.