Storm Worm Attacking Blogs, Bulletin Boards, And Webmail - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


Storm Worm Attacking Blogs, Bulletin Boards, And Webmail

A variant of the Storm worm is able to analyze network traffic and insert a link to a malicious Web site into text posted in blogs, Webmail, and bulletin boards.

A variant of the well-known and troublesome Storm worm is being used in a spam attack that is luring blog, bulletin board, and Webmail (Internet-based e-mail) users to connect to a malicious Web site, according to Dmitri Alperovitch, a principal research scientist at Secure Computing Corp.

A new component in the variant enables it to analyze network traffic on the infected computer and dynamically insert a link to the malicious site into text -- whether it's a blog post, a bulletin board entry, or an e-mail sent through a Webmail system, Alperovitch says. The users' text will contain their own content, along with the link and a note that lures readers to check out a Web site with "fun" videos or an e-card.

Users who go to the malicious site have their own machines infected with this updated version of the worm, which some security vendors are referring to as a Trojan horse.

"It's pretty dangerous because it's using social engineering in a very successful way," says Alperovitch. "It's infecting Web posts that come from people who users trust and regularly discuss useful topics with. Imagine a forum where you are used to having good discussions and now they show you a link for what they seem to be saying is a fun video. Wouldn't you click on it? A lot of people would."

The original Storm worm has been linked to denial-of-service attacks against anti-spam and anti-malware sites, according to Secure Computing.

"This signifies a new trend in malware that is spread through blogs, message boards, and web-based e-mail," Alperovitch says. "And this threat is particularly insidious in that antivirus detection doesn't always work. This threat utilizes server polymorphism, which means that it is continuously being repackaged to make the binary appear different to signature-based antivirus solutions."

Signature-based antivirus programs often miss the malicious file since it is continually changing its appearance.

Eric Chien, a senior software engineer at Symantec, wrote in his blog that a number of online bulletin boards are being spammed with this scam.

"Message board spam is nothing new, but what is different about this message board spam is the spam text is actually integrated into legitimate messages posted by real users," he warns. "Don't click on unrelated links in forum postings, e-mail, or IM [Instant Messaging], and definitely avoid executing any files you receive from unsolicited links. If you notice that in your own e-mail, forum postings, or IMs you are sending out odd additional text or URLs, you are likely infected."

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
2020 State of DevOps Report
2020 State of DevOps Report
Download this report today to learn more about the key tools and technologies being utilized, and how organizations deal with the cultural and process changes that DevOps brings. The report also examines the barriers organizations face, as well as the rewards from DevOps including faster application delivery, higher quality products, and quicker recovery from errors in production.
Data Science: How the Pandemic Has Affected 10 Popular Jobs
Cynthia Harvey, Freelance Journalist, InformationWeek,  9/9/2020
The Growing Security Priority for DevOps and Cloud Migration
Joao-Pierre S. Ruth, Senior Writer,  9/3/2020
Dark Side of AI: How to Make Artificial Intelligence Trustworthy
Guest Commentary, Guest Commentary,  9/15/2020
Register for InformationWeek Newsletters
Current Issue
IT Automation Transforms Network Management
In this special report we will examine the layers of automation and orchestration in IT operations, and how they can provide high availability and greater scale for modern applications and business demands.
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll