IPStorm

What is IPStorm?

IPStorm is a dangerous computer infection that can be used to do anything to the affected system. It is a botnet, and so the list of the things it could do is practically endless. Individual and corporate users should be concerned about such infections because they do not announce themselves. They often work in the background of the system for a very long time. Regular system scans with a licensed antispyware tool should be at the top of your to-do list, because these scans can help you detect and remove IPStorm sooner. Negligence is never the answer when it comes to cybersecurity.

Where does IPStorm come from?

This botnet is distributed as a Trojan. It means that it might enter the target system via spam email or through a website exploit. In the latter case, it means you have landed on a website that has been compromised. When a website is compromised by an exploit kit, the traffic is redirected to another page with malicious code. That code looks for vulnerable applications on your device, and if vulnerabilities are found, you are further redirected to the exploit.

Needless to say, regular users do not notice the moment they get infected with IPStorm and other similar infections. This means that, to protect the system from such threats, one needs to learn more about cybersecurity so as to avoid potentially dangerous websites.

What does IPStorm do?

As mentioned, IPStorm is a botnet, and so it can do many things, depending on what its distributors want it to do. However, we should probably talk more about how this infection works.

First, the name IPStorm stands for Inter Planetary Storm. Although it sounds very intergalactic, the truth is that it refers to the InterPlanetary File System (IPFS). It is a protocol and network that has been created with the intention to decentralize the internet. This network uses the peer-to-peer (p2p) method to store information and media. If you are familiar with torrents, IPFS is something similar. However, this network can also “store” websites.

Botnets like this can use either the server-client model or the p2p model to establish a communication channel between the infected machine and its Command and Control (C2) center. IPStorm uses the p2p model, and it employs the IPFS system to establish communication among the infected machines in the botnet. Since this infection uses a well-established network for communication, it can hide parts of its traffic within legitimate traffic. What’s more, sometimes it might be hard to take down the entire botnet without taking down the actual legitimate network.

IPStorm itself is written in the Go programming language, and the infection usually targets the Windows operating system. It also uses antivirus evasion techniques like sleep, generation of random numbers, and memory allocation to avoid getting detected. When it settles in the target system, it employs a hardcoded string to find other computers infected by the same threat.

As mentioned, there might be many things that this application can be programmed to do. IPStorm has support for downloading and uploading files. By default, the Trojan may collect basic information about the infected system, but it could also be instructed to collect keystrokes or steal online credentials. Not to mention that several machines connected into a big botnet could also be used to perform a DDoS (Distributed Denial of Service) attack on websites.

All in all, researchers seem to think that the likes of IPStorm are another step in the p2p botnet evolution. It raises certain security concerns that have to be addressed immediately if users want to avoid similar infections in the future.

How do I remove IPStorm?

Although it is possible to terminate this infection manually, we would not recommend that for inexperienced users. You can refer to the manual removal guidelines at the bottom of this description, but it would be for the best to invest in a licensed antispyware tool that would help you remove IPStorm automatically.

Aside from investing in a powerful security tool, you should look into ways to improve your system’s security by staying away from potentially harmful content. If you are in doubt about what constitutes potentially harmful content, do not hesitate to consult a professional.

Manual IPStorm Removal

  1. Press Win+R and type regedit. Click OK.
  2. Go to HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run.
  3. On the right, look for a startup entry that starts an exe file in %LocalAppData%\packages.
  4. Delete the file indicated in the path and the startup entry.
  5. Scan your computer with SpyHunter.
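
The check in steps 2 and 3 can be scripted. The following PowerShell is an added example, not part of the original guide: it only reads the current user's Run key and lists entries whose executable resolves to a location under %LocalAppData%\packages, with the file's hash and signature status for review. The function names are hypothetical.

```powershell
# Added example (read-only): audit the per-user Run key for the pattern in steps 2-3.
$RunKey  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
$BaseDir = Join-Path $env:LOCALAPPDATA 'packages'   # Windows paths are case-insensitive

function Get-CommandExePath {
    param([string]$Command)
    # Expand %VAR% references, then extract the executable from the command line.
    $c = [Environment]::ExpandEnvironmentVariables($Command).Trim()
    if ($c -match '^"([^"]+)"')        { return $Matches[1] }  # quoted path
    if ($c -match '^(.+?\.exe)(\s|$)') { return $Matches[1] }  # unquoted, spaces allowed
    return ($c -split '\s+')[0]                                # anything else
}

function Get-SuspiciousRunEntry {
    $key = Get-Item -LiteralPath $RunKey -ErrorAction SilentlyContinue
    if (-not $key) { return }
    $noExpand = [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames
    foreach ($name in $key.GetValueNames()) {
        # Read the raw value so REG_EXPAND_SZ data is reported as stored.
        $raw = [string]$key.GetValue($name, '', $noExpand)
        $exe = Get-CommandExePath $raw
        if (-not $exe) { continue }
        # Normalise so "..\" segments cannot disguise the real location.
        try { $full = [IO.Path]::GetFullPath($exe) } catch { continue }
        $inDir = $full.StartsWith("$BaseDir\", [StringComparison]::OrdinalIgnoreCase)
        if (-not ($inDir -and $full -like '*.exe')) { continue }
        $exists = Test-Path -LiteralPath $full -PathType Leaf
        [pscustomobject]@{
            ValueName = $name
            Command   = $raw
            ExePath   = $full
            Exists    = $exists
            SHA256    = if ($exists) { (Get-FileHash -LiteralPath $full -Algorithm SHA256).Hash }
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $full).Status }
        }
    }
}

Get-SuspiciousRunEntry | Format-List
```

Windows Store apps also keep data under %LocalAppData%\Packages, so a listed entry is a lead to verify before carrying out step 4, not proof of infection.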