Spammers Spoof YouTube to Cause Storm Worm Infection
Following the virus writers' trend to take help of Websites hosting malware to infect and compromise vulnerable computers, the latest attempt to scatter the Storm worm makes an effort to use the YouTube's good name to spread infection. Attackers, by using a Website carrying YouTube branding name, hope to cash on the wide acceptability of the community video-sharing site to dupe unsuspecting users.
The spam mail uses social engineering tactics by inserting a link connecting to the unreal YouTube site.
The latest twist of the Storm worm is in its pretense to be a video from YouTube. The link in the spam mail appears to connect to the YouTube site, but actually links to a "numeric" URL as it was with the older versions of the Storm. The binary that is downloaded has been named "video.exe". Those who trust the e-mail and follow its directions end up visiting a site where a downloadable video file installs the Storm worm on the user's computer.
The first report of the Storm worm came in January 2007 when an executable e-mail file attachment delivered the malware. The attachment pretended to be an electronic greeting card that infected numerous computers all over the world, converting them into zombie PCs to build a botnet that would distribute spam. However, in the recent times, spammers have been employing a different tactic in which they dupe users into visiting sites hosting malicious code.
Chief research officer at F-Secure, Mikko Hypponen, has been tracking the Storm/Zhelatin Gang believed to be the creator of the worm. Builder.au reported this on August 27, 2007. Hypponen has designed an online video demonstrating how the crooks exploit the various vulnerabilities specific to different browsers.
Researchers at SecureWorks in recent weeks have also said that the authors of Storm worm are assembling a gigantic botnet that not only sends out large volumes of spam but is also capable of triggering denial of service (DoS) attacks.
Related article: Spammers Continue their Campaigns Successfully
» SPAMfighter News - 10-09-2007