ITPRO

Printed from www.itpro.co.uk


    Storm worm targets Barclays, Halifax customers

The 'Storm' worm botnet has been observed in the wild sending out phishing emails targeting online banking customers, the first such use of the botnet.

By Miya Knights, 9 Jan 2008 at 18:29

The 'Storm' botnet is at the core of new phishing activity specifically targeting Barclays and Halifax customers, a security research firm has identified.

The Fortinet threat response team this week discovered these targeted attempts to get users to divulge sensitive account details. The attempts exploit the worm, also known as Trojan.Peacomm, in the latest evolution of its use, which breaks away from the trend of using it to send out spam on a massive scale.

Storm is a peer-to-peer (P2P) network botnet, using a coordinated collective of infected computers estimated to range in number from thousands to millions of PCs. Its use to target vulnerable users of online banking services with a security check scam has never been seen before, Guillaume Lovet, head of Fortinet's threat response team, told IT PRO.

"This worm has never been involved in phishing before," he said. "It sends out emails randomly in the hope that some users will be customers of these banks."

The Barclays message, first posted in a Fortinet advisory on Monday, reads: "We are undertaking a period review of our member accounts," and prompts users to click on a link designed to get them to enter sensitive personal information like bank details.

A Barclays spokesman told IT PRO: "We are aware of continued phishing attacks and always recommend that customers do not 'ever' give away security details in this way."

Then yesterday Fortinet discovered customers of Halifax had also been targets. This time, the email pretended to alert the user to a security breach in order to trick them into handing over information in the same security check scam.

At the time of writing, Halifax, a division of Bank of Scotland and part of the HBOS Group, had not responded to a request for comment on the reports.

Fortinet also pointed out that, while this type of activity is a first in terms of its use of the Storm botnet, the social engineering hook of false security checks in these phishing emails was identified several years ago - indicating that it has most likely been dug up from an old phishing kit.

Lovet also said this suggested parts of the botnet created by the Storm worm are now being sold off to different criminal groups with varying cybercrime tactics.

First spotted a year ago, Peacomm was the first malware to use peer-to-peer (P2P) networking or mesh topologies to target unsuspecting Microsoft Windows computers across the internet.
