Storm Worm Attacks Take On New Disguises - InformationWeek


Storm worm authors are trying a mix of new tricks to infect computers and build up their massive botnet.

In an attempt to trick savvy users and evade anti-malware vendors, the Storm worm is mutating its attacks, trying to lure more victims into its massive botnet.

Researchers from various security companies have begun warning users that the Storm worm has been morphing quickly in the past several days. In recent months, the malware authors have mainly been focusing on infecting machines by sending out phony and malicious e-cards. Possibly concerned that the security community and users are catching on to that old game, they've changed tactics.

Dmitry Gryaznov, a researcher with McAfee's Avert Labs, reported in a blog entry over the weekend that the malware authors were putting aside some of their e-card schemes for the old trick of luring people to open an e-mail by promising them nude or pornographic pictures. Gryaznov pointed out that the e-mails tend to have blank subject lines.

Then the authors quickly changed tactics again -- this time sending out e-mails that either invite the user to join various clubs or talk about services, like online dating sites, that the user supposedly signed up for.

Johannes Ullrich, CTO of the Internet Storm Center, has been posting rolling advisories on the site's diary, warning users about the changing attacks. He noted the phony e-mails inviting people to join a club can look legitimate since they contain fake account numbers and temporary passwords and login IDs. "I have seen about a dozen different ones so far," wrote Ullrich. "They are all 'confirmations' in this style to various Web sites. The Web page offers again an 'applet.exe' for download."

And researchers at F-Secure reported that they have seen fake confirmation e-mails purporting to be from Internet dating services or MP3 download sites. They've seen subject lines that include phrases like Member Details, Membership Support, New Member Confirmation, and Poker World.

The Storm worm was first spotted this past January and has used many different lures since then -- phony e-cards, e-mails about fraudulent patch information, e-mails about fake news items, and even a few Web sites with the malicious code embedded in them.

In the past several weeks, researchers from both Postini and SecureWorks have reported that the Storm worm authors are amassing a massive botnet, not only capable of sending out great amounts of spam but also capable of launching large-scale denial-of-service attacks.

And last week, REN-ISAC, a collaboration of higher-education security researchers, issued a warning to colleges and universities that the massive botnet is attacking computers that are trying to weed it out. The botnet is set up to launch a distributed denial-of-service attack against any computer that is scanning a network for vulnerabilities or malware.

With students returning to campus in the next few weeks, schools are expected to scan the servers on their network to find vulnerabilities and malware that the students are bringing back with them. When the scanner hits an infected computer that is part of the Storm botnet, the rest of the botnet directs a distributed denial-of-service attack back against the computer running the scan. The attacks can last more than a day, and can involve "very significant" traffic.
