In the early half of this decade, many security people touted the dreaded zero days as the future downfall of corporate security. You may also remember that several worms were written to test the impact of zero day exploits.
Security practitioners and the media stirred up a frenzy by hyping the amorphous Internet underground that was responsible for discovering zero days and distributing exploit code. While these were menacing times, the good news back then was that the worms were written simply for fame and were easy to spot and defend against.
But times have changed and so has the motive behind cyber attacks.
Almost all are profit driven, and as such, criminals are basing their business models on those of legitimate corporations. Criminals are now attempting to maximize profit with the fewest resources.
Criminal malware writers have learned that zero day exploits are not nearly as profitable as good old known vulnerabilities. In fact, leveraging 20-year-old technology such as IRC (Internet Relay Chat) and known engineering issues with antivirus has proven to be extremely successful. Not long ago people were afraid of sites like WabiSabiLabi Ltd. But time has illustrated that auctioning off zero day code isn't nearly as profitable as executing botnets that use a tiered, known vulnerability approach.
What does this all mean?
Let's look at signature-based AV products. For years, security experts have warned that this approach has passed the point of diminishing returns. Still, organizations and individuals deploy this technology.
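To make the diminishing-returns point concrete, here is a small added example (not code from the article or from any product it mentions). It builds a constructed stand-in for a known bot binary, a signature database of the kind a traditional scanner ships (exact hashes plus fixed byte strings), and a trivial "repack" step that changes the bytes on disk without changing behaviour. The names, the sample bytes and the one-byte XOR repacking are all assumptions made for illustration. A defender-side counter, decoding before matching (what scanner vendors call an x-ray scan), is included so the example shows both why per-variant signatures stop scaling and what a scanner has to do in addition.

```python
import hashlib

# Constructed stand-in for a known bot binary (not real malware): a fake
# header, some padding and a configuration string a signature author would key on.
KNOWN_SAMPLE = (
    b"MZ" + b"\x90" * 16
    + b"CONFIG: irc.example.invalid 6667 #ctrl-channel"
    + b"\x00" * 32
)

# What a signature-based scanner ships: exact hashes of files it has seen,
# plus fixed byte strings cut out of those files.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest()}
PATTERN_SIGNATURES = [b"#ctrl-channel"]


def signature_match(data: bytes) -> bool:
    """Classic signature scan: exact hash first, then fixed byte patterns."""
    if hashlib.sha256(data).hexdigest() in HASH_SIGNATURES:
        return True
    return any(pattern in data for pattern in PATTERN_SIGNATURES)


def repack(data: bytes, key: int) -> bytes:
    """Constructed stand-in for the repacking done between releases: keep the
    2-byte header, XOR the body with a one-byte key. Runtime behaviour is
    unchanged; only the bytes on disk differ, so every hash and pattern
    signature taken from the previous release misses the new one."""
    return data[:2] + bytes(b ^ key for b in data[2:])


def xray_match(data: bytes) -> bool:
    """Defender-side counterpart: instead of one signature per variant, try
    every single-byte XOR key and look for the known pattern underneath.
    This decode-then-match step is what scanners call an "x-ray" scan."""
    for key in range(256):
        decoded = bytes(b ^ key for b in data)
        if any(pattern in decoded for pattern in PATTERN_SIGNATURES):
            return True
    return False


def coverage(num_variants: int = 8) -> tuple:
    """Release num_variants repacked builds of the same bot and count how many
    each approach catches. Returns (signature_hits, xray_hits)."""
    variants = [repack(KNOWN_SAMPLE, key) for key in range(1, num_variants + 1)]
    sig_hits = sum(signature_match(v) for v in variants)
    xray_hits = sum(xray_match(v) for v in variants)
    return sig_hits, xray_hits


if __name__ == "__main__":
    print("original caught by signature:", signature_match(KNOWN_SAMPLE))
    print("(signature hits, x-ray hits) over 8 variants:", coverage())
```

Running it shows the original sample caught by its signature, zero of eight repacked builds caught by the same signature database, and all eight caught once the scanner decodes before matching. The real lesson for a detection team is the cost curve: the signature-only approach needs one new entry per variant the criminals release, while the decoding step costs a fixed amount of engineering once.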
For years, security experts warned of issues with DNS, yet organizations and individuals blindly trust this service. And for years, security experts warned of the huge potential for abuse of mesh networks like P2P, and yet this fell on deaf ears.
Then in walks the Storm botnet, which leverages all of these well-known issues in a tiered architecture.
On top of that, the botnet was designed to be silent, decentralized in operation and control, and to use social engineering vectors as its primary mode of distribution. These vectors range from PDF files to e-cards. Storm is a profit-driven botnet, and because of its huge success, its operators are actually attacking those who attempt to infiltrate and destroy it.
Security expert Bruce Schneier wrote the following in his blog.
"Storm began attacking anti-spam sites focused on identifying it -- spamhaus.org, 419eater and so on -- and the personal website of Joe Stewart, who published an analysis of Storm. I am reminded of a basic theory of war: Take out your enemy's reconnaissance. Or a basic theory of urban gangs and some governments: Make sure others know not to mess with you."
The result? Arguably the largest and most well known and profitable botnet to date.
This article was first published on EnterpriseITPlanet.com.