Trojan Storm Gaining Speed

The Storm Trojan that appeared first in January this year is not slowing down. It, after transforming itself, reappeared as a membership confirmation notice of a Website in the third week of August 2007.

This new version of the malware appears in the inboxes with subjects such as 'Membership Support', 'Login Information', and 'User Info'. The mail has login details for Websites that offer variety of services exclusively for online music lovers, and poker playing etc. as per the post by F-Secure. The earlier promotions have lasted for many weeks but the latest spam related to Storm is varying quicker than ever.

PCWorld.com published news on August 22, 2007 quoting Bradley Anstis, Director, Project Management at Marshal, a security firm, saying that the spammers are modifying or posting new spasm almost on a daily basis.

Johannes Ullrich, Chief Technical Officer, SANS Internet Storm Center, said that the recent chain of this Storm is luring the victims to sites that declare the need to install an 'applet' by which the users could login securely. He further said that most anti-virus software fail to detect Storm, as the conventional signature approach used by them isn't being able to identify them anymore, as published by Channelregister.co.uk on August 21, 2007.

This malware got its name from its early versions which offered the victims' detailed news about the winter storms raiding Northern Europe. Then it started a series of infectious e-cards.

SecureWorks has found out that in past weeks, the malware was found in over 1.5 Million different hosts. This number has increased dramatically from just around 2,81 hosts from January-May 2007. Similarly, the volume of attacks stopped by the firm has increased from nearly 71,340 in the initial five months to over 20 Million from June 2007.

Storm isn't a worm, technically, as it does not spread on its own. Those users who checked the ports of compromised computers attacked by Storm, or who download the Trojan repeatedly have been attacked by DDoS (distributed denial of service) attacks that last for days. The malware, however, depends on the oldest method of social engineering to spread.

Related article: Trojans to Target VoIP in 2006

» SPAMfighter News - 9/7/2007