Storm Worm Attacks Take On New Disguises - InformationWeek

Storm Worm Attacks Take On New Disguises

Storm worm authors are trying a mix of new tricks to infect computers and build up their massive botnet.

In an attempt to trick savvy users and evade anti-malware vendors, the Storm worm is mutating its attacks, trying to lure more victims into its massive botnet.

Researchers from various security companies have begun warning users that the Storm worm has been morphing quickly in the past several days. In recent months, the malware authors have mainly been focusing on infecting machines by sending out phony and malicious e-cards. Possibly concerned that the security community and users are catching on to that old game, they've changed tactics.

Dmitry Gryaznov, a researcher with McAfee's Avert Labs, reported in a blog entry over the weekend that the malware authors were putting aside some of their e-card schemes for the old trick of luring people to open an e-mail by promising them nude or pornographic pictures. Gryaznov pointed out that the e-mails tend to have blank subject lines.

Then the authors quickly changed tactics again -- this time sending out e-mails that either invite the user to join various clubs or talk about services, like online dating sites, that the user supposedly signed up for.

Johannes Ullrich, CTO of the Internet Storm Center, has been posting rolling advisories on the site's diary, warning users about the changing attacks. He noted the phony e-mails inviting people to join a club can look legitimate since they contain fake account numbers and temporary passwords and login IDs. "I have seen about a dozen different ones so far," wrote Ullrich. "They are all 'confirmations' in this style to various Web sites. The Web page offers again an 'applet.exe' for download."

And researchers at F-Secure reported that they have seen fake confirmation e-mails purporting to be from Internet dating services or MP3 download sites. They've seen subject lines that include phrases like Member Details, Membership Support, New Member Confirmation, and Poker World.
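As an added illustration (not from the article or from any vendor named in it), the traits the researchers describe can be turned into simple triage checks for a mail queue and a web-proxy log. The credential wording, the proxy log layout, and all sample data are assumptions constructed for this example.

```python
import re
from email import message_from_string
from email.policy import default

# Subject phrases F-Secure reported for the fake confirmation e-mails.
LURE_SUBJECTS = ("member details", "membership support",
                 "new member confirmation", "poker world")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
# Assumed wording for the fake credentials the article says the mails carry.
CRED_RE = re.compile(r"temporary password|login id|account number", re.I)

def mail_indicators(raw):
    """Return the set of article-described traits present in one message."""
    msg = message_from_string(raw, policy=default)
    subject = str(msg["Subject"] or "").strip()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    hits = set()
    if not subject:
        hits.add("blank-subject")  # weak signal on its own
    elif any(p in subject.lower() for p in LURE_SUBJECTS):
        hits.add("lure-subject")
    if CRED_RE.search(body) and URL_RE.search(body):
        hits.add("credentials-plus-link")
    return hits

def applet_fetches(proxy_lines):
    """Return sorted client IPs that requested a URL path ending in applet.exe.

    Assumes a constructed 'client method url status' proxy log layout."""
    clients = set()
    for line in proxy_lines:
        fields = line.split()
        if len(fields) < 4:
            continue  # skip malformed lines
        path = fields[2].split("?", 1)[0].split("#", 1)[0]
        if path.lower().endswith("/applet.exe"):
            clients.add(fields[0])
    return sorted(clients)

# Constructed samples (not real traffic); example.test is a reserved name.
SAMPLE_MAIL = (
    "From: support@example.test\nTo: user@example.test\n"
    "Subject: New Member Confirmation\n\n"
    "Account Number: 48213\nTemporary Password: xk29\n"
    "Login here: http://example.test/welcome\n")
SAMPLE_PROXY = [
    "10.0.0.5 GET http://example.test/welcome 200",
    "10.0.0.5 GET http://example.test/applet.exe 200",
    "10.0.0.9 GET http://example.test/index.html 200",
]
```

Correlating the two results (a flagged message followed by an `applet.exe` fetch from the recipient's machine) is a stronger signal than either check alone.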

The Storm worm was first spotted this past January and has taken on many different attacks since then -- phony e-cards, e-mails about fraudulent patch information, e-mails about fake news items, and even a few Web sites with the malicious code embedded in them.

In the past several weeks, researchers from both Postini and SecureWorks have reported that the Storm worm authors are amassing a massive botnet, not only capable of sending out great amounts of spam but also capable of launching large-scale denial-of-service attacks.

And last week, REN-ISAC, a collaboration of higher-education security researchers, issued a warning to colleges and universities that the massive botnet is attacking computers that are trying to weed it out. The botnet is set up to launch a distributed denial-of-service attack against any computer that is scanning a network for vulnerabilities or malware.

With students returning to campus in the next few weeks, schools are expected to scan the servers on their network to find vulnerabilities and malware that the students are bringing back with them. When the scanner hits an infected computer that is part of the Storm botnet, the rest of the botnet directs a distributed denial-of-service attack back against the computer running the scan. The attacks can last more than a day, and can involve "very significant" traffic.
