Blogs, forums and web mail under siege by Storm Worm variant
By John Pospisil
A reworked version of the infamous Storm Worm is using blogs, forums and web mail to spread itself.
The original version of the worm appeared in January of this year and infected thousands of computers around the world, turning them into zombie slaves of a botnet designed to send spam.
According to Dmitri Alperovitch, principal research scientist at Secure Computing, a new variant of the Storm Worm is using the “web channel” to spread itself, in addition to the normal channels of email, email-links and malicious web sites.
This new variant of the Storm Worm does something extremely sneaky. The malicious code attaches itself to the network stack and keeps an eye on outbound traffic.
When the user of an infected machine later posts to a blog or online forum, or sends a message via a web mail service (like Gmail, for example), the Storm Worm inserts a text link to a malicious web site in the post. The text reads “Have you seen this link?”, along with a link to what seems to be a video.
“He’s not targeting particular sites. Instead, his code is generic enough to work on lots of sites,” said Alperovitch. Apparently thousands of blog entries have been affected, including entries on well-known sites such as Men’s Health.
“We haven’t seen the Web channel used before. In the past, we’ve seen malicious links distributed to people in a user’s address book and made to look like it’s an instant message coming from them,” said Alperovitch, who rated the threat as “high”.
The big danger of this kind of worm is that while most people know to be careful about clicking links in emails, they tend to be less guarded about links on blogs and forums that they know and trust.
Can you imagine anything worse than being infected by a worm after visiting a link posted on your favorite blog?
Alperovitch’s advice to Internet users is that they can protect themselves by not clicking on links that say “Have you read this link?”
Good, though obvious, advice.
