8/22/2007
10:14 AM

Storm Worm Attacks Take On New Disguises

Storm worm authors are trying a mix of new tricks to infect computers and build up their massive botnet.

In an attempt to trick savvy users and evade anti-malware vendors, the Storm worm is mutating its attacks, trying to lure more victims into its massive botnet.

Researchers from various security companies have begun warning users that the Storm worm has been morphing quickly in the past several days. In recent months, the malware authors have mainly been focusing on infecting machines by sending out phony and malicious e-cards. Possibly concerned that the security community and users are catching on to that old game, they've changed tactics.

Dmitry Gryaznov, a researcher with McAfee's Avert Labs, reported in a blog entry over the weekend that the malware authors were putting aside some of their e-card schemes for the old trick of luring people to open an e-mail by promising them nude or pornographic pictures. Gryaznov pointed out that the e-mails tend to have blank subject lines.

Then the authors quickly changed tactics again -- this time sending out e-mails that either invite the user to join various clubs or talk about services, like online dating sites, that the user supposedly signed up for.

Johannes Ullrich, CTO of the Internet Storm Center, has been posting rolling advisories on the site's diary, warning users about the changing attacks. He noted the phony e-mails inviting people to join a club can look legitimate since they contain fake account numbers and temporary passwords and login IDs. "I have seen about a dozen different ones so far," wrote Ullrich. "They are all 'confirmations' in this style to various Web sites. The Web page offers again an 'applet.exe' for download."

And researchers at F-Secure reported that they have seen fake confirmation e-mails purporting to be from Internet dating services or MP3 download sites. They've seen subject lines that include phrases like Member Details, Membership Support, New Member Confirmation, and Poker World.

The Storm worm was first spotted this past January and has taken on many different attacks since then -- phony e-cards, e-mails about fraudulent patch information, e-mails about fake news items, and even a few Web sites with the malicious code embedded in them.

In the past several weeks, researchers from both Postini and SecureWorks have reported that the Storm worm authors are amassing a massive botnet, not only capable of sending out great amounts of spam but also capable of launching large-scale denial-of-service attacks.

And last week, REN-ISAC, a collaboration of higher-education security researchers, issued a warning to colleges and universities that the massive botnet is attacking computers that are trying to weed it out. The botnet is set up to launch a distributed denial-of-service attack against any computer that is scanning a network for vulnerabilities or malware.

With students returning to campus in the next few weeks, schools are expected to scan the servers on their network to find vulnerabilities and malware that the students are bringing back with them. When the scanner hits an infected computer that is part of the Storm botnet, the rest of the botnet directs a distributed denial-of-service attack back against the computer running the scan. The attacks can last more than a day, and can involve "very significant" traffic.
