Is the Storm worm really making millions of dollars every day?

Malicious code writers are increasingly in it purely for the money, rather than the notoriety

A senior security strategist employed by IBM has been reported as saying that the creators of the Storm worm are making “millions and millions” of dollars every day by using the many millions of infected computers to spread spam with.

Joshua Corman, principal security strategist at IBM, was speaking at the NetEvents IT and communications conference in Barcelona last week and was talking about how malicious code writers are increasingly motivated by profit over a desire for notoriety, when he drew upon the example of the year-old Storm phenomenon.

“Storm is enjoying tremendous financial success because it uses malicious code activity on end-points as a source of revenue generation to send spam," he was reported to have said. "They are making millions and millions of dollars every day."

While there seems little doubt that the sheer size of the Storm botnet is easily able to facilitate a great deal of unwanted spam, the “millions of dollars” claim has to be taken with a very liberal pinch of salt. Especially since Mr Corman failed to give any indication of how he had arrived at that figure.

As Graham Cluley, senior technology consultant at security firm Sophos explains, the only people who really know how much money Storm is making are the people behind it: “I don’t know how they’ve arrived at this figure, but it’s certainly arresting and has helped to generate some headlines,” Mr Cluley told

“We do know that the people behind Storm are leasing out their army of computers to deliver spam, but we have no credible idea of how much money they are making from that operation. Several million dollars a day sounds like an awful lot,” he said.

But while the “millions and millions of dollars a day” claim appears to be somewhat over the top, the Storm remains a very persistant threat that is showing very little sign of petering out into a gentle breeze just yet: “Storm has been causing major problems so far in 2008,” says Cluley. “Over ten per cent of all spam sent in January can be attributed to the Storm worm.”

The TechRadar hive mind. The Megazord. The Voltron. When our powers combine, we become 'TECHRADAR STAFF'. You'll usually see this author name when the entire team has collaborated on a project or an article, whether that's a run-down ranking of our favorite Marvel films, or a round-up of all the coolest things we've collectively seen at annual tech shows like CES and MWC. We are one.