Storm Payload Nestles in Numerous Blogs
Malicious hackers are abusing Google's Blogger site by posting counterfeit entries on its blogs. These fake entries contain Web links that take the user to booby-trapped downloads capable of infecting a computer running Windows.
The gang of online criminals behind the attacks hijacks infected computers either to dig out saleable data from them or to kick off other attacks from those systems. The Blogger assault is the most recent campaign in which the gang has captured a large number of computers.
Alex Eckelberry, president of security firm Sunbelt Software, who was behind the first discovery of Storm executable files on a number of Blogger sites in the last week of August 2007, says many blogs are showing Storm through the mail-2-blogger function, which lets blog entries be posted by e-mail. DarkREADING reported this on August 30, 2007. However, Google has put a CAPTCHA defense in place to stop such infections, requiring the blogger to type a code manually before postings go up.
According to Eckelberry, the crooks are getting through undetected, and he wonders how they manage to do it.
Eckelberry found one site that contains Storm and also spam junk (this site's URL is http://www.visionbuzz.blogspot.com). A Google search for Storm's notorious keywords, namely "man your insane" and "dude what if your wife finds this", turns up hundreds of blog websites, according to Eckelberry.
The blog entries are the same as some of the spam distributed by the gang. The purpose is to trick users into clicking links in crafty messages and downloading booby-trapped document files.
The criminals who launched this spam scam are skilled at using social engineering techniques to expand their botnet and its activities, said Bradley Anstis from security firm Marshal. BBC NEWS published Anstis' statement on August 30, 2007. The spammers have modified the spam messages to exploit current news events and updated the Storm payload several times to beat anti-virus software.
Some security experts suspect that the gang infected over a million computers between January and August 2007 through a series of campaigns, to send out the whole of their junk e-mail.
» SPAMfighter News - 11-09-2007