Storm worm anniversary brings fresh variants
Published: 18 Jan 2008 17:13 GMT
The anniversary week of the first Storm worm attack has brought warnings of more Storm variants being sent out in spam.
The attacks are using variants of malicious code known as Troj/Dorf-AP by Sophos and Trojan.Peacomm.D by Symantec.
Sophos researchers believe the spam run is an attempt to dupe users into downloading backdoor code, which will then download further malicious code from the internet.
The social-engineering technique attempts to trick users into clicking on a link in a "Valentine's Day" email, according to a Sophos blog post.
"The body of the email contains a link to an IP-address based website, which is actually one of the many compromised PCs in the Storm botnet," said Sophos. "The website displays a large red heart, while installing malware onto the visitors' PC."
Symantec researcher Hon Lau said that a spam run attempting to exploit St Valentine's Day was perhaps premature.
"I don't know about you, but I feel that this campaign has started a little bit too early," wrote Hon in a blog post. "Maybe the Peacomm creators feel that they need a head start this time, since they started a bit late on their Christmas 2007 campaign. After all they don't want to miss the boat when it comes to gathering more bots for their network."
The original Storm worm code, so named because the first spam run coincided with a severe winter storm in Europe, will reach its first anniversary on 19 January.