Storm Worm Starts Afresh

E-mail carrying a multi-pronged virus is sweeping across the Internet these days. The virus is nicknamed 'Storm Trojan'. Captured specimens of the spam mail bear a similar subject line that reads, "You've received a postcard from a family member!" The mails carry links to a malicious website where an encoded JavaScript tries to find out whether scripting is turned on in the victim's browser. The Storm Trojan becomes active when a recipient clicks on a link provided in the e-mail, rather than by opening an attachment. That makes it difficult to track the source, said Hoala Greevy, CEO of Pau Spam, in a statement reported by Pacific Business News on July 1, 2007.

SANS Institute's Internet Storm Center (ISC) has issued an alert that, when JavaScript is disabled, the site provides a link which, on clicking, generates an exploit. Since scripting is a common attack vector, some users turn it off. Browsers with active JavaScript usually receive a package of downloader and malware. ISC said many anti-virus vendors were able to tentatively thwart the malware offered to JavaScript-disabled browsers in place of the Storm Worm.

This worm has been aggressively hijacking PCs since early 2007 to convert them into bots. ISC has warned that after Storm (or Peacomm) compromises the computers, attackers use them to host the malware. They also use the IP addresses of those PCs to send their spam. The alert further said that every system with the Storm infection has the capability to host the malware and distribute the spam, but in a particular run only a few infected PCs would be used, depending on how many spam mails the attackers want to send and how many web hits they anticipate.

The objective of the attacker is to trick the user into downloading a Trojan. When it is executed, the computer connects to a server hosting malware. According to SANS, this server has been functioning since December 2006 and it tries to install a zombie program. This way, the PC gets tied to a botnet.

When SANS tested the Trojan on 30 separate anti-virus solutions, only 10 of them recognized the dubious ecard.exe.

Related article: Storm Worm Returns with Follow-Up Attack » SPAMfighter News - 7/11/2007