The folks at MessageLabs are stating that the Storm botnet has dropped down to around 100K nodes from it’s prjected high of over two million.
From IT News:
MessageLabs’ Intelligence Report for April 2008 said that new malicious software removal tools aimed at removing Storm infections were responsible for the sudden reduction in Storm-infected computers.
The security firm now estimates the botnet at approximately 100,000 compromised computers, down from previous estimates of two million.
This is evidenced by a 57 percent decrease in malware-laden emails distributed by the Storm botnet during April.
However, analysis of web-based malware suggests that 36.1 percent of interceptions in April were new, an increase of 23.3 percent since March.
MessageLabs also identified an average of 1,214 new websites per day harbouring malware and other potentially unwanted programs such as spyware and adware, an increase of 619 compared with the previous month.
“April was a month of unpredictability with the mighty Storm botnet losing all but five per cent of its anonymous army, and web-based malware reaching new levels,” said Mark Sunner, chief security analyst at MessageLabs.
It would be safe to surmise that the botnet node number will spike again with the next major vulnerability/holiday combination.