Wednesday, February 28, 2007

NAR: New Storm Trojan variant spreads in blogs, forums, Webmail

Just a public service announcement to be on the lookout for this one....

February 27, 2007 (Computerworld) A new variant of the "Storm" Trojan is injecting its come-on into blogs, Web-based message forums and Webmail as part of an effort to spread itself to an ever-widening net of PCs, according to a security researcher.

Dmitri Alperovitch, principal research scientist at Secure Computing, said today that the Trojan -- best known as the "Storm worm" but also pegged as "Peacomm" and half a dozen other names by anti-virus vendors -- is using a novel approach to spread. "This is a really neat twist, through the Web channel," said Alperovitch.

An initial infection is still carried out via e-mail, which touts a link that when clicked downloads a number of malware components to a victimized machine. Once on a PC, however, the malicious code injects itself into the network stack as a rootkit and analyzes all outbound Web traffic

"It has hooks for boards, e-mail, and blogs," said Alperovitch. When a user on an infected PC posts a message to a forum or blog, or sends a message via popular Web-based mail services such as Hotmail, Gmail, and Yahoo Mail the Trojan adds text to the entry or message.

"It inserts 'Have you seen this link?' along with a link to what seems to be a video," Alperovitch said. Anyone clicking on the link will only find their system infected. "He's not targeting particular sites. Instead, his code is generic enough to work on lots of sites." Secure Computing has seen evidence of the bogus posting on messages forums, including one for Men's Health, as well as "thousands of blog entries," said Alperovitch.

The Trojan has been making the rounds since January, when it first surfaced and was slapped with the "storm" name because it debuted with subject lines shilling news of damaging weather that rampaged across Europe. Since then, it has been collecting compromised PCs into a botnet of zombies that can be used for sending spam. Other malware downloaded to infected machines tries to steal passwords or uses the PC to launch distributed denial-of-service (DDoS) attacks.

"This looks like it's working," Alperovitch said, adding that users can protect themselves by not clicking on links.


Have you seen this link?

2 complaints from ingrates:

Rebecca February 28, 2007 at 11:23 PM  

Do I get bonus points for NOT clicking on your clever little link at the bottom of your post? An hour from now, I would've been too bleary eyed to catch that. I automatically click on anything that's underlined. LOL. Thanks for the heads up, Rebecca

Ungrateful Little Bastard March 1, 2007 at 8:18 PM  

Haha yes 10 more bonus points added for the "How ungrateful are you?" test. Because only the ungrateful take time to read.

I'm a Fan of Adoptee Rights


I Digg Adoption News

All adoption news

Adoption news RSS feed

Don't like feeds or widgets? Rather read the news in a blog format? Here you go.

Who I'm Stalking


  © Blogger templates The Professional Template by Ourblogtemplates.com 2008

Back to TOP