
Storm Trojan Variant Spreads Through Blogs

With the help of a new variant of the Storm Trojan horse, attackers are planting stealthy URLs in blogs by intercepting traffic when visitors attempt to make postings, warned Secure Computing Corp. on February 27, 2007.

According to Dmitri Alperovitch, lead research scientist at San Jose, California-based Secure Computing, attackers install the malicious program on the targeted PC as a rootkit and try to seize and alter Web traffic through the operating system, reports SearchSecurity.

The Trojan variant also uses server polymorphism, which automatically changes its code on every download. This enables the malware to circumvent traditional signature-based anti-virus programs. The URL link then contaminates more computers, multiplying the spread of the malware.

Traditionally, variants of this malware spread through e-mail, but the new version adds a Web component, said Alperovitch. Every time the attackers notice a command indicating that a user is posting something on a blog, they try to capture the traffic and insert their own treacherous message instead.

Apart from blogs, other new media that quickly spread the Storm Trojan are Web mail and message forums, say experts.

When users click on the e-mail link, it first infects the system by downloading a malicious rootkit that monitors network traffic. The worm next puts 'Have you seen this link?' in Web mails and online forum messages that others posted. The whole strategy is a clever social engineering tactic, said Alperovitch.

The attack kicks off when a recipient clicks on a link included in the spam mail or posting that promises a 'funny video'. This tricks the user into downloading and installing the Trojan, dubbed Trojan.Mespam.

The malicious software typically attaches the spam greeting to message board postings as well as to instant messages coming from AIM, Yahoo Messenger, ICQ and Gtalk.

According to Alperovitch, users should avoid illegitimate Web sites to protect themselves. They should also not view videos on random web pages, but rather do so on a site like YouTube.

The Storm Trojan made its debut in January 2007 through e-mails that exploited people's sentiments about European storms during that time.

Related article: Storm Worm Returns with Follow-Up Attack

» SPAMfighter News - 13-03-2007
