Storm worm still raging
By Rene Millman,
The Storm trojan is still causing havoc and has changed tactics over the last month in order to infect computers, according to the latest Messagelabs report.
The company's research team had observed a large increase in emails with links to virtual postcards and YouTube videos. The team noted a significant outburst on 15 August of 600,000 emails over that day. It estimated that the StormWorm botnet now comprises of 1.8 million computers around the world.
While virus writers change body text and subject lines, the emails always have a tell-tale line of simple text or HTML including a single link to an IP address. That IP address refers to another infected machine within the botnet which subsequently redirects to a back-end server in an attempt to infect the victim with a copy of the StormWorm Trojan code. The back-end server automatically re-encodes the malware every thirty minutes.
"The StormWorm trojan continues to be at the forefront of the threat landscape through its tactic of reinventing itself in different disguises," said Mark Sunner, chief security analyst.
"With such a commanding botnet now in force and no signs of it waning, vigilance needs to be increased and enforced on all unknown and also known web links and attachments," he said.
The worm showed no sign of abating this month. Virus writers took advantage of the Labor Day holiday in the US to spread via holiday-themed emails, according to Vinoo Thomas, a McAfee Avert Labs researcher.
Thomas said that the authors of the latest variant used anchor tags in HTML to mask the greeting card link so that an unsuspecting user does not notice that it actually points to a malicious IP address.
"Hovering the mouse over this disguised link is a quick and dirty way to reveal the real destination address," said Thomas. "Users who fall for this bait are directed to the following Happy Labor Day page."
Thomas said that while enterprise customers have the bandwidth and resources to ensure every machine on the corporate network is fully patched. "It is usually home consumers - the low hanging fruit that fall prey to these malicious tactics," he said.
advertisement
Latest Security Features
The continued curse of cybersquatting
For some, it’s a problem confined to the early days of the Internet. But current figures suggest that the cybersquatting problem is, if anything, growing.
- Where next for Microsoft, Yahoo and Google?
- Top 10 mobile features of 2009
- Top 10 security predictions for 2009
- Top 10 reviews of 2008
- The year in IT news
- Top 10 security stories of 2008
- Top 10 business phones of 2008
- 15 tech charities that need your help
- PCI's Bob Russo: Data loss hurts brand more than a fine
Latest Security Reviews
Fujitsu Siemens FibreCAT SX80 iSCSI
Rating: 
advertisement
Latest News Videos in Security
Video: Mobile security threats and Mac complacency
PlayPart two: Eugene Kaspersky, chief executive and founder of Kaspersky Lab, talks about the increasing security threats mobile users are facing.
White papers
Want more background on today's hottest IT trends?
Visit IT PRO's white paper library for more on virtualisation, encryption and other topics.
Register for IT PRO
You'll get exclusive member benefits including free white papers, downloads, Webinars and weekly newsletters full of the latest IT PRO news, reviews, insight and expertise.
Social Bookmark this article: What is this?