- Bank Web sites full of security holes
- SCO Group: Its future is all used up
- Maligned feature being added to IPv6
- I returned my iPhone 3G after six days!
- VPNs: Six burning questions
News | Newsletters | Podcasts | Chats | Opinions | RSS Feeds | This Week In Print | IT Careers | Community | Reports | Downloads | Slideshows | New Data Center
Partner Sites:App Performance | On Demand Security | Networking Solution | SOA | Value of WDS
A new variant of the "Storm" Trojan is injecting its come-on into blogs, Web-based message forums and Webmail as part of an effort to spread itself to an ever-widening net of PCs, according to a security researcher.
Dmitri Alperovitch, principal research scientist at Secure Computing, said Tuesday that the Trojan -- best known as the "Storm worm" but also pegged as "Peacomm" and half a dozen other names by antivirus vendors -- is using a novel approach to spread. "This is a really neat twist, through the Web channel," said Alperovitch.
An initial infection is still carried out via e-mail, which touts a link that when clicked downloads a number of malware components to a victimized machine. Once on a PC, however, the malicious code injects itself into the network stack as a rootkit and analyzes all outbound Web traffic
"It has hooks for boards, e-mail, and blogs," said Alperovitch. When a user on an infected PC posts a message to a forum or blog, or sends a message via popular Web-based mail services such as Hotmail, Gmail, and Yahoo Mail the Trojan adds text to the entry or message.
"It inserts 'Have you seen this link?' along with a link to what seems to be a video," Alperovitch said. Anyone clicking on the link will only find their system infected. "He's not targeting particular sites. Instead, his code is generic enough to work on lots of sites." Secure Computing has seen evidence of the bogus posting on messages forums, including one for Men's Health, as well as "thousands of blog entries," said Alperovitch.
The Trojan has been making the rounds since January, when it first surfaced and was slapped with the "storm" name because it debuted with subject lines shilling news of damaging weather that rampaged across Europe. Since then, it has been collecting compromised PCs into a botnet of zombies that can be used for sending spam. Other malware downloaded to infected machines tries to steal passwords or uses the PC to launch distributed denial-of-service (DDoS) attacks.
"This looks like it's working," Alperovitch said, adding that users can protect themselves by not clicking on links.
Rss FeedRss Feed
If the IT manager is knowledgeable regarding Cisco technology, he would have 2 options. Option 1 - Consult...- Anonymous
| NetworkWorld, Inc. | About Network World, Inc. | Advertise | Careers | Contact us | Terms of Service/Privacy | Reprints and links | Partnerships | Press room | Subscribe to NW |
| IDG, Inc. | CIO | Computerworld | CSO | Demo | GamePro | Games.net | IDGconnect.com | IDG World Expo | Infoworld | JavaWorld.com | LinuxWorld.com | MacUser | Macworld | PC World | Playlistmag.com | The Industry Standard | IDG List Services | IDG TechNetwork |
 |
Copyright © 1994-2008 Network World, Inc. All rights reserved. |
Partner Content
Brilliantly simple security and control solutions for email, web and endpoint
www.sophos.com
Stopping data leakage
Learn how to exploit your current security investment to control the information that flows into, through and out of your network.
Download the white paper.
Why detection rates aren't enough
Evaluating endpoint security products is a time-consuming and daunting task. Learn the six critical questions you need to ask to prospective vendors to get the right endpoint solution.
Download the white paper.
Unauthorized applications: Taking back control
Employees installing and using unauthorized applications like IM, VoIP, games and peer-to-peer file-sharing applications cause many businesses serious concern. How do you control these applications?
Download the white paper.
Comment