Hackers bent on spreading the Storm Trojan horse have changed tactics again and are now trying to dupe users into clicking on links posing as YouTube videos, security vendors warn.
Apple Store announces Reserve And Pick Up program
11/07/09
For you pre-Thanksgiving shoppers, the Apple retail store on Friday announced a way to get a jump on your holiday list. The Reserve And Pick Up option will let you choose hardware products online and swing by your local store to collect them between December 15 and 24. Currently, the line-up of offerings includes iPods, iPhones, MacBooks, Mac Minis, iMacs, and Mac Pros. To make a reservation, you sign in with your Apple ID and select a store location. Payment is due only at the time of pick-up.
Q&A: isoHunt founder says P2P can help create post-piracy world
11/07/09
isoHunt's Gary Fung talks about how isoHunt has evaded legal trouble so far, why he holds out hope of working together with Hollywood and the music industry, and how he's launched a new P2P site for just that purpose.
Update fixes iPhone sync problem with Windows 7 for some
11/07/09
Gigabyte Technology issued a BIOS update on Friday that fixes a problem for some Windows 7 users who have been unable to sync their iPhones.
E-Mail article
|
|
Print article
|
|
Contact author
|
Reprint
|
AIM article
|
del.icio.us |
Reddit
|
Digg
|
Stumble
|
Slashdot It!
|
Storm, a.k.a. Peacomm and Nuwar, is now spreading via e-mail that includes a link that appears to be to a YouTube video, said Johannes Ullrich, chief research officer at the SANS Institute, on the Internet Storm Center's blog this weekend. "The link looks like a link to YouTube, but actually points to a 'numeric' URL like old Storm variants," said Ullrich.
Placing the mouse cursor atop the bogus YouTube link will show a numeric IP address rather than the expected www.youtube.com, a good indicator of a scam attempt.
Recipients who click on the link see a message that claims the video is loading in the background, said Vinoo Thomas, a researcher at McAfee Inc.'s Avert Labs. Actually, said Thomas, "an embedded obfuscated JavaScript routine attempts a cocktail of browser and application exploits." If any of those exploits are successful, Storm gets dropped on the PC.
Over the weekend, Roger Thompson, a researcher at Exploit Prevention Labs Inc., identified the multistrike exploit package as "Q406 Rollup," a collection that has made the rounds since late last year. Similar to other hacker kits such as Mpack, Q406 includes a dozen or more exploits.
Storm's markers have become well-known for their skill at adapting their pitches to get users to open attached files or click on e-mailed links. Last week, a Symantec Corp. researcher said the group was "very adept" at creating persuasive messages. "They have a knack for latching on to the latest newsworthy events and capitalizing on the public interest in them," said Hon Lu. "And if no newsworthy events are happening at the time, then they will just make them up."
The Storm Trojan horse reportedly behind the summer's plague of malicious greeting card spam, and the machines it has infected -- by some accounts a massive botnet -- served as the launching pad for a huge wave of pump-and-dump stock scam spam earlier this month.
For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.
| Start a public discussion with other Network World users on this article (scroll up to send this article to a colleague). Log In | Register for an account (Why you should) |
Note: Register to have your user name appear; otherwise your comment will show up as "Anonymous."
*Anonymous comments will only appear once they are approved by the moderator.
Copyright 2008 Network World Inc.
|
Does Verizon's Voyager stack up to the iPhone? |
5 IT skills that won't boost your salary [1,407]
Women 4 times more likely than men to cough up personal info [589]
Japan's 10 funniest tech-related commercials [Videos] [407]
Throwing away a promo CD is "unauthorized distribution"? [1,265]
Adults too quick to dismiss educational video games [682]
Attack of the iPhone clones [Slideshow] [578]
10 things IT needs to know about AJAX [1,258]
This Year's 25 Geekiest 25th Anniversaries [Slideshow] [409]
Network World on Twitter: Get our tweets and stay plugged in to networking news