News
News
8/22/2007
10:14 AM
Connect Directly
RSS
E-Mail
50%
50%

Storm Worm Attacks Take On New Disguises

Storm worm authors are trying a mix of new tricks to infect computers and build up their massive botnet.

In an attempt to trick savvy users and evade anti-malware vendors, the Storm worm is mutating its attacks, trying to lure more victims into its massive botnet.

Researchers from various security companies have begun warning users that the Storm worm has been morphing quickly in the past several days. In recent months, the malware authors have mainly been focusing on infecting machines by sending out phony and malicious e-cards. Possibly concerned that the security community and users are catching on to that old game, they've changed tactics.

Dmitry Gryaznov, a researcher with McAfee's Avert Labs, reported in a blog entry over the weekend that the malware authors were putting aside some of their e-card schemes for the old trick of luring people to open an e-mail by promising them nude or pornographic pictures. Gryaznov pointed out that the e-mails tend to have blank subject lines.

Then the authors quickly changed tactics again -- this time sending out e-mails that either invite the user to join various clubs or talk about services, like online dating sites, that the user supposedly signed up for.

Johannes Ullrich, CTO of the Internet Storm Center, has been posting rolling advisories on the site's diary, warning users about the changing attacks. He noted the phony e-mails inviting people to join a club can look legitimate since they contain fake account numbers and temporary passwords and login IDs. "I have seen about a dozen different ones so far," wrote Ullrich. "They are all 'confirmations' in this style to various Web sites. The Web page offers again an 'applet.exe' for download."

And researchers at F-Secure reported that they have seen fake confirmation e-mails purporting to be from Internet dating services or MP3 download sites. They've seen subject lines that include phrases like Member Details, Membership Support, New Member Confirmation, and Poker World.

The Storm worm was first spotted this past January and has taken on many different attacks since then -- phony e-cards, e-mails about fraudulent patch information, e-mails about fake news items, and even a few Web sites with the malicious code embedded in them.

In the past several weeks, researchers from both Postini and SecureWorks have reported that the Storm worm authors are amassing a massive botnet, not only capable of sending out great amounts of spam but also capable of launching large-scale denial-of-service attacks.

And last week, Ren-Isac, a collaboration of higher-education security researchers, issued a warning to colleges and universities that the massive botnet is attacking computers that are trying to weed it out. The botnet is set up to launch a distributed denial-of-service attack against any computer that is scanning a network for vulnerabilities or malware.

With students returning to campus in the next few weeks, schools are expected to scan the servers on their network to find vulnerabilities and malware that the students are bringing back with them. When the scanner hits an infected computer that is part of the Storm botnet, the rest of the botnet directs a distributed denial-of-service attack back against the computer running the scan. The attacks can last more than a day, and can involve "very significant" traffic.

Comment  | 
Print  | 
More Insights
The Business of Going Digital
The Business of Going Digital
Digital business isn't about changing code; it's about changing what legacy sales, distribution, customer service, and product groups do in the new digital age. It's about bringing big data analytics, mobile, social, marketing automation, cloud computing, and the app economy together to launch new products and services. We're seeing new titles in this digital revolution, new responsibilities, new business models, and major shifts in technology spending.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest - September 10, 2014
A high-scale relational database? NoSQL database? Hadoop? Event-processing technology? When it comes to big data, one size doesn't fit all. Here's how to decide.
Flash Poll
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.