Storm Worm Shows New Developments on the Threat Landscape
Security provider MessageLabs announced on September 5, 2007 that its new data shows that the latest developments with the Storm worm involve YouTube video and virtual postcard requests to spread the Trojan malware, and an increase in the number of new malware-laden Websites that appear almost every day.
The company's research team recorded a massive outbreak of 600,000 e-mails in a single day on August 15, 2007. It estimated that about 1.8 million computers worldwide are part of the Storm worm botnet.
Although virus writers modify the subject lines and body message, the e-mails invariably have a typical line of HTML or simple text with a link connecting to one IP address. That IP address further redirects the victim to a remote server in order to infect his/her machine with the Storm worm code. The remote server by default re-encodes the Storm Trojan every half an hour.
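A mail filter can key on the invariant described above, a link whose host is a bare IP address, rather than on the changing subject and body. The following is an added example, not MessageLabs' detection code; the function name `ip_literal_links` and the sample messages (which use documentation-range addresses) are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def ip_literal_links(raw_message):
    """Return URLs in the text parts of a message whose host is a bare IP."""
    hits = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_maintype() != "text":
            continue  # skip multipart containers and non-text attachments
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for url in URL_RE.findall(body):
            url = url.rstrip(".,;:)")  # drop trailing sentence punctuation
            try:
                ipaddress.ip_address(urlsplit(url).hostname or "")
            except ValueError:
                continue  # a hostname or malformed URL, not an IP literal
            if url not in hits:
                hits.append(url)
    return hits

# Constructed sample messages: two lures with different subjects and bodies
# (HTML and plain text) and one ordinary newsletter linking to a hostname.
SAMPLES = [
    "Subject: You have received a postcard\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<a href="http://192.0.2.45/">Click here to view your postcard</a>\n',
    "Subject: Is this you in the video?\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "LOL, you are all over YouTube: http://192.0.2.77/watch.php.\n",
    "Subject: Monthly newsletter\n"
    "Content-Type: text/plain; charset=utf-8\n\n"
    "Read it at https://www.example.com/newsletter\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(ip_literal_links(raw))
```

Hosts written as a single decimal or hexadecimal number are not recognised by `ipaddress.ip_address` and would need separate normalisation before this check.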
The techniques are the same as those used by other botnets such as Warezov. The location of the back-end server that helps amass infected PCs to build the botnet is protected by a rapidly changing DNS technique called 'fast flux'. This method makes it hard to determine the location of the mail servers and so to disable the malware-hosting sites.
The Storm worm Trojan is still a critical threat on the Internet because of its tactic of taking on a different disguise every time. The Storm-enabled botnet, being such a commanding force and showing no indications of abating, calls for increased vigilance on all known and unknown attachments and Web links, said Mark Sunner, Chief Security Analyst at MessageLabs. ITPro published this in news on September 6, 2007.
The volume of e-mails that carried links to risky code was very high in August 2007 as a result of the Storm worm activity. It increased to 19.5%, against a July 2007 rate of 0.5%.
MessageLabs' analysis revealed a steep rise in new malicious sites emerging every day. On average, there were 1,772 new malicious Websites daily in August 2007, an increase of 783 each day over July 2007.
» SPAMfighter News - 17-09-2007