Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
Latest Comments
"I feel it with you guys. These irritating interruptions on privacy MUST be stopped. It is a ..."
on Yahoo and Microsoft take aim at lottery scams
by Jan Wilmans | Dec 2, 2008 7:11 PM
 
"My AVG WILL NOT UPDATE"
on AVG update deletes critical Windows file
by James Downs | Dec 2, 2008 5:58 AM
 
"Concerned man's comments seem to intimate that if I'm using agents all will be well but the ..."
on Shavlik Technologies to broaden its patch management offerings
by Werner K | Nov 26, 2008 8:36 PM
 
"That will enhance Microsoft Office system, including SharePoint - good platform for enterprise ..."
on Companies have security to consider with in-the-cloud Office
by SGE | Nov 25, 2008 3:29 PM
 
"how many users allow per session? because the digital persona password manager allows only 10 ..."
on DigitalPersona Pro Workstation/Pro Server
by Daniel | Nov 25, 2008 12:14 AM
Email Security

Malware writers trying for touchdown with NFL-themed Storm Worm

  • Email a Friend
  • Print Page
Malware writers trying for touchdown with NFL-themed Storm Worm
Related Articles
By Dan Kaplan
Sep 11, 2007 2:33 PM
Tags: Malware | writers | trying | for | touchdown | with | NFL-themed | Storm | Worm
The spam messages encouraged fans to visit a website to download an "online game tracker" that claims to contain time, channel and statistical information for all NFL contests, according to Finnish security firm F-Secure. Instead, if users attempt to download the application, they are met with a malware exploit.

To make the threat appear more legit, the website where users are sent to download the game tracker actually contains accurate information about the scheduled games, F-Secure said Sunday on its company blog.

This is the latest twist in the Storm Worm, which attempts to lure users to malicious files by masquerading as a legitimate link, usually as an electronic greeting card or a breaking news story.

Security experts estimate there are hundreds of thousands of infected machines worldwide, which are predominantly used to send spam and launch denial-of-service attacks.

"It's always been socially engineered, and it's always around something that would be enticing to individuals, and timely," Ken Dunham, director of global response for Dallas-based iSight Partners, a risk management and mitigation start-up, told SCMagazine.com today. "It's one of the most relentless and prevalent attacks we've seen in 2007."

Anti-virus firm BitDefender ranked the Storm Worm as last month's top malware threat, compromising about 25 percent of all detected malware.

The attacks are successful because the malware writers automatically update the malware's binary code about every half hour to evade anti-virus detection, Dunham said. And users whose machines are updated with the latest security patches can still be infected if they choose to execute malicious code.

Dunham – who meets regularly with industry experts to discuss the Storm Worm – said end-users should be trained not to "blindly trust email traffic," while administrators must implement proper spam filters.

"A little bit of training and technology goes a long way in mitigating these threats," he said. "The low-hanging fruit is what the targets hit, and that would be people who execute and who are not patched."

Secure Computing Magazine

 
Ads by Google
Thoughts on this article? Add a comment below.
Be the first to comment on this article.

Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Tripwire - Click here to win an iTouch
 
 
Messaging Whitepapers
 
Popular Tags
adobe barak barrage corporations facebook google hit homepage malware microsoft obama purchase recession rogue russia spam target virus vulnerability worm