Storm Worm - Comprehensive Analysis by Cyber-TA
One of the most technical and in-depth analysis of the Storm Worm botnet can be found in the links below. Every new development should be watched by security professionals, as these constant attacks use convincing and innovative social engineering schemes (e.g., e-cards). Once a workstation becomes infected, it becomes a member of the botnet consisting of at least 1.6 PCs. These infections are also difficult to detect and clean as advanced rootkit techniques are used.
Storm Worm - Comprehensive Analysis by Cyber-TA
http://www.cyber-ta.org/pubs/StormWorm/
http://www.cyber-ta.org/pubs/StormWorm/report/
http://www.cyber-ta.org/pubs/StormWorm/links.html
QUOTE: Since early 2007 a new form of malware has made its presence known on the Internet by its prolific growth rate, its ability to distribute large volumes of spam, and its ability to avoid detection and eradication. Storm Worm (or W32.Peacomm, Nuwar, Tibs, Zhelatin), as it is known, is a highly prolific new generation of malware that has gained a significant foothold in unsuspecting Microsoft Windows computers across the Internet.
Storm, like all bots, distinguishes itself from other forms of malware by its ability to establish a control channel that allows its infected clients to operate as a coordinated collective, or botnet. However, even among botnets Storm has further distinguished itself by being among the first to introduce a fully P2P control channel, to utilize fast-flux to hide its binary distribution points, and to aggressively defend itself from those who would seek to reverse engineer its logic. Despite all the hype and paranoia surrounding Storm, the inner workings of this botnet largely remain a mystery.
Additional Links and Information
http://en.wikipedia.org/wiki/Storm_Worm
http://www.cyber-ta.org/pubs/StormWorm/links.html