Storm Worm Attacks now Through Malicious Pages
Cyber-crooks always look for new vectors and ways to spread their malevolent activities. Attacks by Storm worm have always been using massive e-mail spam scams but now the attackers are shifting the malware to create nasty Websites, according to researchers.
The Storm worm that spreads aggressively and has been crowding the Internet has moved to new tactics, creating a different attack vector. On August 8 2007, researchers at SecureWorks found that the authors of the Storm worm have turned their attention away from e-mail-based attacks to creating malware-hosting Web pages.
According to SecureWorks, e-mail-based assaults involving false news warnings and fake e-greeting cards have worked very effectively helping spammers to set up a botnet by amassing a total of 1.7 Million zombie PCs by the end of July 2007.
Don Jackson, a security researcher with SecureWorks, reported having detected two malware-loaded Websites containing the embedded Storm worm. One site specifically aided in malicious purposes while the other was a legitimate site that hackers invaded and infected with the worm. The regular site is a forum for Apple Mac's fans. However, the malicious program doesn't disturb the Mac software. It only affects Microsoft's Windows program, specially the Internet Explorer Web browser. Information Week reported this on August 9, 2007.
Jackson pointed out that the criminals were probably trying to exploit the publicity surrounding the newly released iMacs announced in the second week of August 2007. However, they were possibly looking for something easy like Websites to break into.
The Storm worm made its debut (for researchers) in January 2006 and from then on, it has been spreading virulently and speedily. SecureWorks' researchers said the attackers today use iFrame, an HTML coding feature that enables embedding components of one page into another. When attackers attempt to hack legitimate pages, they often employ iFrames to insert say a bank or other financial institution's logo or its feature to enter the password.
Jackson said since IT managers and home users are effectively blocking spam mails or at least avoiding unsolicited e-mails, therefore, the Storm worm writers are finding an alternative attack vector. Information Week reported this on August 9, 2007.
Related article: Storm Worm Returns with Follow-Up Attack
» SPAMfighter News - 22-08-2007