By GoldSparrow in Malware

Some of the more dedicated cybercriminals focus their efforts on building large-scale botnets, which can be used for various purposes and prove to be very profitable. However, building a sizeable botnet and then maintaining it is not easy, which is why few cyber crooks have succeeded at it. Botnets can be employed in different operations. A very common one is DDoS (Distributed Denial of Service) attacks. Other times, the hijacked machines are used for mining cryptocurrency, which is then sent to the operator of the botnet. However, when a botnet is spotted, its purpose may not be evident. This is the case with the IPStorm botnet: malware researchers have yet to identify what operations this botnet is involved in.

It has not been confirmed how this threat is propagated. The IPStorm botnet employs a rather innovative method of communication between the infiltrated machines and the operators' C&C (Command & Control) servers: the attackers use legitimate peer-to-peer network communication over IPFS (InterPlanetary File System). This is an almost flawless method of communicating, as the corrupted code is mixed in with the legitimate data transmitted via IPFS, which adds to the anonymity of the attackers. The IPStorm malware is capable of executing PowerShell commands, which means that the operators of this threat can perform various tasks on the infiltrated computer. The attackers could look for certain files on the system or download and execute additional malware.
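The following Python example is added here and is not from the original article. It flags hosts where a process outside an allowlist opens a connection beginning with the multistream-select header that libp2p-based IPFS nodes send, and that same process also launches PowerShell. That IPStorm's traffic begins with this header is an assumption; the record field names, hostnames and paths are constructed.

```python
# Added example. Record fields, hosts and paths below are constructed.
MULTISTREAM_ID = b"/multistream/1.0.0\n"  # libp2p protocol-negotiation header

def read_uvarint(buf):
    """Decode an unsigned LEB128 varint; return (value, bytes_used) or None."""
    value = 0
    for i, byte in enumerate(buf[:9]):
        value |= (byte & 0x7F) << (7 * i)
        if not byte & 0x80:
            return value, i + 1
    return None  # empty or unterminated varint

def is_multistream_hello(payload):
    """True if a flow's first bytes are a length-prefixed multistream header."""
    decoded = read_uvarint(payload)
    if decoded is None:
        return False
    length, used = decoded
    body = payload[used:used + length]
    return length == len(MULTISTREAM_ID) and body == MULTISTREAM_ID

def flag_hosts(flows, process_events, allowed_images):
    """Hosts where one non-allowlisted image spoke libp2p AND spawned PowerShell."""
    p2p = {(f["host"], f["image"].lower()) for f in flows
           if is_multistream_hello(f["first_payload"])
           and f["image"].lower() not in allowed_images}
    spawned = {(e["host"], e["parent_image"].lower()) for e in process_events
               if e["image"].lower().endswith("\\powershell.exe")}
    return sorted({host for host, _ in p2p & spawned})

# Constructed sample telemetry (not real indicators).
HELLO = bytes([len(MULTISTREAM_ID)]) + MULTISTREAM_ID
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
TMP1, TMP3, TMP4 = (rf"C:\Users\u{n}\AppData\Local\Temp\app{n}.exe" for n in (1, 3, 4))
IPFS = r"C:\Program Files\IPFS Desktop\ipfs.exe"
ALLOWED = {IPFS.lower()}  # sanctioned IPFS clients, lower-cased
FLOWS = [
    {"host": "ws-01", "image": TMP1, "first_payload": HELLO},
    {"host": "ws-02", "image": IPFS, "first_payload": HELLO},
    {"host": "ws-03", "image": TMP3, "first_payload": b"GET / HTTP/1.1\r\n"},
    {"host": "ws-04", "image": TMP4, "first_payload": HELLO},
]
PROCESS_EVENTS = [
    {"host": "ws-01", "parent_image": TMP1, "image": PS},
    {"host": "ws-02", "parent_image": IPFS, "image": PS},
    {"host": "ws-03", "parent_image": TMP3, "image": PS},
]

if __name__ == "__main__":
    print(flag_hosts(FLOWS, PROCESS_EVENTS, ALLOWED))
```

Only the host that combines both behaviours from the same unapproved binary is reported; the approved IPFS client, the plain HTTP client and the host with peer-to-peer traffic but no PowerShell child are left out.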

The creators of the IPStorm botnet are still growing their network, which at the moment has infected about 3,000 computers. It is likely that the operators of this botnet will continue to update their creation periodically. Downloading and installing a reputable anti-virus suite is recommended to ensure the safety of your PC.
