Storm Trojan Variant Spreads Through Blogs
With the help of a new variant of the Storm Trojan horse, attackers are planting stealthy URLs in blogs so that they can intercept traffic when visitors attempt to post, Secure Computing Corp. warned on February 27, 2007.
According to Dmitri Alperovitch, lead research scientist at San Jose, California-based Secure Computing, attackers install the malicious program on the targeted PC as a rootkit and try to seize and alter Web traffic through the operating system, SearchSecurity reports.
The Trojan variant also uses server-side polymorphism, which automatically changes its code on every download. This enables the malware to circumvent traditional signature-based anti-virus programs. The URL link then contaminates more computers, multiplying the spread of the malware.
Traditionally, e-mails spread variants of this malware, but the new version adds a Web component, said Alperovitch. Every time the attackers notice a command indicating that a user is posting something on a blog, they try to capture the traffic and insert their own malicious message instead.
Other new channels, apart from blogs, that quickly spread the Storm Trojan are Web mail and message forums, say experts.
When users click on the e-mail link, it first infects the system by downloading a malicious rootkit that monitors network traffic. The worm next inserts 'Have you seen this link?' into Web mail and online forum messages that others posted. The whole strategy is a clever social engineering tactic, said Alperovitch.
The attack starts when a recipient clicks on a link, included in the spam mail or posting, that promises a 'funny video'. This tricks the user into downloading and installing the Trojan, dubbed Trojan.Mespam.
The malicious software typically attaches the spam greeting to message board postings as well as to instant messages coming from AIM, Yahoo Messenger, ICQ and Gtalk.
According to Alperovitch, users should avoid illegitimate Web sites to protect themselves. They should also not view videos on random Web pages, but rather do so on a site like YouTube.
The Storm Trojan made its debut in January 2007 through e-mails that exploited people's sentiments about the European storms at that time.
» SPAMfighter News - 13-03-2007