This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
Storm Worm Attacking Blogs, Bulletin Boards, And Webmail
A variant of the Storm worm is able to analyze network traffic and insert a link to a malicious Web site into text posted in blogs, Webmail, and bulletin boards.
A variant of the well-known and troublesome Storm worm is being used in a spam attack that is luring blog, bulletin board, and Webmail (Internet-based e-mail) users to connect to a malicious Web site, according to Dmitri Alperovitch, a principal research scientist at Secure Computing Corp.
A new component in the variant enables it to analyze network traffic on the infected computer and dynamically insert a link to the malicious site into text -- whether it's a blog post, a bulletin board entry, or an e-mail sent through a Webmail system, Alperovitch says. The users' text will contain their own content, along with the link and a note that lures readers to check out a Web site with "fun" videos or an e-card.
Users who go to the malicious site have their own machines infected with this updated version of the worm, which some security vendors are referring to as a Trojan horse.
"It's pretty dangerous because it's using social engineering in a very successful way," says Alperovitch. "It's infecting Web posts that come from people who users trust and regularly discuss useful topics with. Imagine a forum where you are used to having good discussions and now they show you a link for what they seem to be saying is a fun video. Wouldn't you click on it? A lot of people would."
The original Storm worm has been linked to denial-of-service attacks against anti-spam and anti-malware sites, according to Secure Computing.
"This signifies a new trend in malware that is spread through blogs, message boards, and web-based e-mail," Alperovitch says. "And this threat is particularly insidious in that antivirus detection doesn't always work. This threat utilizes server polymorphism, which means that it is continuously being repackaged to make the binary appear different to signature-based antivirus solutions."
Signature-based antivirus programs often miss the malicious file since it is continually changing its appearance.
Eric Chien, a senior software engineer at Symantec, wrote in his blog that a number of online bulletin boards are being spammed with this scam.
"Message board spam is nothing new, but what is different about this message board spam is the spam text is actually integrated into legitimate messages posted by real users," he warns. "Don't click on unrelated links in forum postings, e-mail, or IM [Instant Messaging], and definitely avoid executing any files you receive from unsolicited links. If you notice that in your own e-mail, forum postings, or IMs you are sending out odd additional text or URLs, you are likely infected."
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
State of the CloudCloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
IT Careers: Tech Drives Constant ChangeAdvances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!