
Storm Worm Starts Afresh

An e-mail carrying a multi-pronged virus is sweeping across the Internet these days. The virus is nicknamed 'Storm Trojan'.

Captured specimens of the spam mail bear a similar subject line that reads, "You've received a postcard from a family member!" But the mails carry links to a malevolent website where an encoded JavaScript tries to find out if scripting is turned on in the victim's browser.

The Storm Trojan becomes active when a recipient clicks on a link provided in the e-mail, rather than by opening an attachment. That makes it difficult to track the source, said Hoala Greevy, CEO of Pau Spam, in a statement reported by Pacific Business News on July 1, 2007.

SANS Institute's Internet Storm Center (ISC) has issued an alert that, when JavaScript is disabled, the page provides a link which, on clicking, generates an exploit. Since scripting is a common attack vector, some users turn it off. Browsers with active JavaScript usually receive a package of downloader and malware.

ISC said that many anti-virus vendors were able to tentatively thwart the malware offered to JavaScript-disabled browsers in place of the Storm Worm. This worm has been aggressively hijacking PCs since early 2007 to convert them into bots. ISC has warned that after Storm (or Peacomm) compromises the computers, attackers use them to host the malware. They also use the IP addresses of those PCs to send their spam.

The alert further said that every system with the Storm infection has the capability to host the malware and distribute the spam, but in a particular run only a few infected PCs would be used, depending on how many spam mails the attackers want to send and how many web results they anticipate.

The objective of the attacker is to trick the user into downloading a Trojan. On executing it, the computer connects to a server hosting malware. According to SANS, this server has been functioning since December 2006 and it tries to install a zombie program. This way, the PC gets tied to a botnet. When SANS tested the Trojan on 30 separate anti-virus solutions, only 10 of them recognized the dubious ecard.exe.

Related article: Storm Worm Returns with Follow-Up Attack

» SPAMfighter News - 11-07-2007
