
Storm Worm Machines Made Millions of People Their Victims

After successfully introducing the Storm Worm variant on Halloween, the creators of this menace launched a Christmas edition targeting e-mail users.

With the beginning of the festive season, the Storm bot network became active, and online shoppers and Internet users received Christmas e-mails with attractive headings such as "I love this Carol!" and "Santa Said, HO HO HO". These e-mails were written in English and contained inoffensive wording meant to make the browser trust them, followed by a legitimate-looking URL.

The messages didn't carry any payload that might annoy users; instead they had an attractive link that led to a web page at www.merrychristmasdude.com. When the user clicked the link, pictures of scantily dressed women with a Christmas theme appeared.

On the web page, surfers came across ladies wearing red and white Christmas underwear, reminiscent of the UK TV adverts for the gutter press. When surfers reached the web page, nothing special happened on its own, but the site linked from the e-mail tried to install a worm on the user's computer as an executable "stripshow exe" file.

The network security team at ARBOR has given an exhaustive report on the payload served by the harmful site and recognized it as a Storm Worm variant. As per ARBOR, a compromised host installs the file C:\WINDOWS\disnisa.exe and stores the friends list in C:\WINDOWS\disnisa.config. After that, it opens an arbitrary pair of TCP/IP ports and reduces the Windows firewall settings, resulting in the usual havoc created by Storm Worm.

The domain name pointed to a list of DNS IP addresses, but since December 25, 2007, the site has appeared sporadically non-responsive. These sites did not stop the flow of corrupt e-mails with the message "merry Christmas, dude" during Christmas Eve.

Exhaustive research indicates that the administrative and contact information for the domain name points towards Canadian sites. The Whois data was provided by whois.nic.ru in Russia, showing that a Russian domain registrar was exploited.

To keep people from falling victim to cyber crooks, security agencies and researchers have suggested that users avoid opening e-mails with attached files and links. They also suggested installing the latest, updated version of available antivirus software to stop the pest from slipping into systems.

Related article: Storm Worm Returns with Follow-Up Attack

» SPAMfighter News - 1/8/2008
