Tuesday December 2, 2008 4:16 AM AEST
Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"Concerned man's comments seem to intimate that if I'm using agents all will be well but the ..."
on Shavlik Technologies to broaden its patch management offerings
by Werner K | Nov 26, 2008 8:36 PM
 
"That will enhance Microsoft Office system, including SharePoint - good platform for enterprise ..."
on Companies have security to consider with in-the-cloud Office
by SGE | Nov 25, 2008 3:29 PM
 
"how many users allow per session? because the digital persona password manager allows only 10 ..."
on DigitalPersona Pro Workstation/Pro Server
by Daniel | Nov 25, 2008 12:14 AM
 
"security through obscurity...shows how detached HIPAA is from reality."
on Privacy breaches causing business instability
by priceOfFishInChina | Nov 20, 2008 1:19 PM
 
"I have been the recipient of Agent.JEN.Trojan through an email suggesting a UPS parcel (including..."
on Trojan disguised as UPS delivery note
by Vincent Laing | Nov 13, 2008 4:01 PM
Email Security

New storm worm attack turns to web

  • Email a Friend
  • Print Page
New storm worm attack turns to web
Related Articles
By Dan Kaplan
Jul 4, 2007 9:45 AM
Tags: New | storm | worm | attack | turns | to | web
The newest run, which began late last week, features messages that falsely inform recipients they have received a greeting card from a family member. Some other variants show the message to be coming from an admirer, classmate or colleague.

What makes this run different than previous is that instead of being asked to click on a malicious executable attachment to open their card, users are persuaded to click on a link that redirects them to a compromised website hosting malware, Jose Nazario, senior security researcher at Arbor Networks, told SCMagazine.com.

The social engineering attacks exploit a number of patched vulnerabilities - including ANI, QuickTime and WinZip- to add compromised machines to a botnet.

The cybercrooks opted for web-borne malware because it typically leads to a larger infection rate, Nazario said.

"I think part of [the success] is [that] executables are getting blocked at the inbound mail gateway and also web browsers are just as functional and more vulnerable than the email clients and less filtered," he said. "People have found that the browser is one of the best conduits to almost everything on a person’s computer."

These latest social engineering attacks are offshoots of the original storm-worm scam, launched in January, which promised videos of major European wind storms but instead infected users’ machines with a trojan. The attacks made several resurgences during the winter and spring.

Meanwhile, thousands of websites, most in Italy, have been infected with the new MPACK attack tool, which removes a number of competing rootkits on victims’ machines and replaces them with new ones.

This has upset storm-worm spammers so much that a virtual turf battle of sorts has broken out, leading to DDoS attacks.

"Over the past two days, we’ve seen a reasonably large number of attacks…that exhibit a common target set, and appear to be traceable to bot-on-bot attacks, or more interestingly, attacks targeting competitive bot-building infrastructure," Arbor chief researcher Danny McPherson wrote Saturday on the security team’s blog.

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Tripwire - Click here to win an iTouch
 
 
Messaging Whitepapers
 
Popular Tags
american assisting attack botnet court crosssite ebay emails flaw gary goes hacker hackers latest least microsoft threat web worm zealand