Forum latest

Storm worm's approach is evolving.
Written by Daniel   
Monday, 03 September 2007 09:50
"Storm worm" adds millions of computers to botnet
ARS Technica
By Jacqui Cheng | Published: September 02, 2007 - 07:43PM CT

The authors behind a specific strain of malware are trying every trick in the book to get users to succumb to their ill-meaning plans. You name it, they've used it: weather news, personal greetings, reports that Saddam Hussein is still alive, reports that Fidel Castro is dead, sexy women, YouTube, and even blogs. The group seems hellbent on creating the largest botnet to date, and they just might do it.

The "Zhelatin gang"—named after the trojan it installed—was responsible for what started out as the "storm worm." First spotted earlier this year, the spread of the "storm worm" started via e-mails purporting to provide information on some dangerous storms in Europe at the close of January. Users who fell for it were directed to a web site containing malicious code aimed at turning Windows PCs into spam bots.

It was a success, if you can call it that; Symantec security response director Dave Cole told InformationWeek in late January that the worm had accounted for 8 percent of global virus infections after a single weekend rampage.

Over time, e-mails containing links to the "storm worm" took on many forms, from supposed missile strikes to reports of genocide. Then last month security firm F-secure noted that the Zhelatin team had switched gears and was focusing on greeting-card spam. The e-mails originally directed users to a web site that prompted the download of ecard.exe, but eventually morphed slightly so that the link pointed to a site that claimed the user needed to install "Microsoft Data Access" in order to view the card. Naturally, this download installed a trojan on the user's computer for the purposes of relaying spam.

And that's when the changes began to speed up. Zhelatin changed its game mid-week to suggestive e-mails from lonely females, which prompted end users to click a link to see what they could do if they "get lonely." Days later, however, security firm Sophos noted that the e-mails had changed once again, this time to spam claiming to contain a link to an awesome new video on YouTube. Same tactic, same virus.... More

Comment in the Forums 


See also

None found.

Hardware | Windows | Linux | Security | Mobile Devices | Gaming
Tech Business | Editorial | General News | folding@home

Forum | Download Files

Copyright ©2001 - 2012, AOA Forums.  All rights reserved.

Alliance of Overclocking Arts

Links monetized by VigLink

Don't Click Here Don't Click Here Either