Storm, the botnet-building Trojan horse, has come up with another twist to dupe users into infecting their PCs with malware, a security researcher said last week.
Longtime clients of the Russian Business Network (RBN), a notorious hacker- and malware-hosting network that mysteriously vanished after shifting operations from St. Petersburg, Russia, to Shanghai are involved in the attack, said Paul Ferguson, network architect at Trend Micro.
Yesterday, Trend watched as existing bots controlled by Storm were seeded with new spam templates that included links to sites on GeoCities, the free Web hosting service owned by Yahoo. Today, Storm kicked off the new attacks. "This has developed into a full-fledged attack vector," Ferguson said.
The GeoCities sites are infected with malicious JavaScript code that redirects the user's browser to secondary URLs hosted in Turkey, Ferguson said. The Turkish URLs, meanwhile, try to persuade the user to download a new codec that's supposedly necessary to view images on the GeoCities sites. According to Trend Micro's analysis, the bogus codec -- which claims to be for the 360-degree IPIX format -- is actually an identity- and information-stealing piece of malware.
Fake codecs have become the latest choice of hackers, with several notable attacks recently relying on users' naivete about what a codec is, why it might be necessary and why they can be untrustworthy. The attacks last week that originated at hacked MySpace pages -- including R&B singer Alicia Keys' -- touted phony codecs, for example.
That Storm has turned to hyping codecs tells Ferguson that the botnet's controllers are nimble and flexible in their approach to social engineering. "They're intertwining codecs with other types of social engineering," he said.
By his reckoning, Storm has become much more than just a name for a malware family. "It's actually a covert channel of distribution for these [bad] guys," he said. "It's a communication network, a way for them to communicate information they want to seed," whether a round of spam touting penny stocks or a new piece of malware. "And it's a way for them to get what they've collected" from the now-compromised computers, he added. "It's a covert network."
Ferguson also said that there was evidence that known RBN customers were responsible for this newest use of Storm's botnet. "Some of the same RBN operators are involved," Ferguson said. "It's some of the same crew."
Read up on the latest ideas and technologies from companies that sell hardware, software and services. Achieving the impossible: Unlimited application scalability
IT Service Management Needs and Adoption Trends: An Analysis of a Global Survey of IT Executives
The state of Middleware
Everything you need to know about email and web security (but were afraid to ask)
Email Archiving Implementation: Five Costly Mistakes to Avoid
Delivering the Power of Choice with Microsoft Dynamics CRM
Solve Exchange Mailbox Storage Issues Once and for All
Best Practice in Building an Integrated Information Management Strategy
Zones provide focussed content from Computerworld and leading technology partners.
Discover how SOA can create smarter outcomes for your business.
Attend and learn:
- How SOA is helping leading companies to become more agile
- Where you should be applying SOA processes in your company
- The top SOA implementation mistakes to avoid
Click here for more information.
- +
Computerworld Live Podcast #97: The Future of Enterprise Networking 25/07/2008 09:45:36
This week CW Live chats with Mark Thompson, global sales and marketing manager for HP ProCurve, on the future of the enterprise networking. Mark discusses the trends we can expect to see in the near future and how the right infrastructure can ensure your enterprise network is secure. - +
Computerworld Live Podcast #96: Security at the Edge 11/06/2008 09:22:22
CW Live speaks with Amol Mitra, HP ProCurve Director of Marketing for Asia Pacific and Japan. Today's topic: how enterprises are starting to shift away from simply controlling security via server logins, firewalls and moving to more adaptive security frameworks. - +
Data Management Edition #10: Multi-Petascale Systems 02/05/2008 09:12:33
This week we look at sustainability and the development of multicore technologies to build multi-petascale systems. - +
IT Security Edition #11: How to poison the Storm botnet 01/05/2008 08:51:55
This week CW Live presents a case study on how to poison the notorious Storm botnet . Plus we take a look at Cisco's plans for Ironport. - +
IT Security Edition #10: Cyber-battles fought and won 24/04/2008 11:09:47
Vendors bow to end user pressure to improve product security, and we take a look at the latest concepts shaping the cyber-battlefield of the future.
Borderless corporate networks to shift focus to secure content management in Australia in 2009 2008-12-04 16:06:00+11
IDC Says Asia/Pacific Excluding Japan IT Market Will Remain The Bright Spot... 2008-12-04 15:04:00+11
MySpot SOS "Panic Button" Smartphone Application could save lone worker lives 2008-12-04 13:34:00+11
Charles Sturt University Commences Unified Communications Deployment With Interactive Intelligence 2008-12-04 08:30:00+11
AOC Launches 18.5” Widescreen Green 16:9 LCD Monitor in Australia and New Zealand 2008-12-03 15:30:00+11
Gaining Competitive Advantage Through Enterprise Planning
No matter how good its products or innovative its services, no organization can perform to its full potential without an adequate planning structure in place. Discover how this can be done by reading on.
Buying Guides
Buying Guides
