"Storm Worm" Takes Over Millions Of Computers

Posted by Pile (13207 views)

The authors behind a specific strain of malware are trying every trick in the book to get users to succumb to their ill-meaning plans. You name it, they've used it: weather news, personal greetings, reports that Saddam Hussein is still alive, reports that Fidel Castro is dead, sexy women, YouTube, and even blogs. The group seems hellbent on creating the largest botnet to date, and as long as users are stupid enough to click on things without thinking, they just might do it.

The "Zhelatin gang"—named after the trojan it installed—was responsible for what started out as the "storm worm." First spotted earlier this year, the "storm worm" started spreading via e-mails purporting to provide information on some dangerous storms in Europe at the close of January. Users who fell for it were directed to a web site containing malicious code aimed at turning Windows PCs into spam bots.

According to researchers, in late January the worm accounted for 8 percent of global virus infections after a single weekend rampage.

Over time, e-mails containing links to the "storm worm" took on many forms, from supposed missile strikes to reports of genocide. Then last month security firm F-Secure noted that the Zhelatin team had switched gears and was focusing on greeting-card spam. The e-mails originally directed users to a web site that prompted the download of ecard.exe, but eventually morphed slightly so that the link pointed to a site that claimed the user needed to install "Microsoft Data Access" in order to view the card. Naturally, this download installed a trojan on the user's computer for the purposes of relaying spam.

And that's when the changes began to speed up. Zhelatin changed its game mid-week to suggestive e-mails from lonely females, which prompted end users to click a link to see what they could do if they "get lonely." Days later, however, security firm Sophos noted that the e-mails had changed once again, this time to spam claiming to contain a link to an awesome new video on YouTube. Same tactic, same virus.

But if promises of Kelly Clarkson's latest music video in e-mail weren't enough, the worm has now switched its focus to blogs. Unlike the typical "comment spam" that many of us have grown used to on our personal blogs, the worm is actually getting into people's Blogspot accounts and creating new blog posts with links to the trojan.



Posted by thingy on 2007-09-03 15:44:29
The latest one is through YouTube messages. It's getting easier to track this as a non-security-expert seeing as they're the ones that get past my spam filter.

I run my email client in plain text so I can see bad links plain as day, and this last week I've been getting a sudden increase of messages sent to my YouTube account which contain typical spam links. The number of these I've started receiving is equal to the number of spam messages from strange girls I've never heard of who are interested in me or think my schlong isn't up to the job.



Pursuant to Section 230 of Title 47 of the United States Code (47 USC § 230), BSAlert is a user-contributed editorial web site and does not endorse any specific content, but merely acts as a "sounding board" for the online community. Any and all quoted material is referenced pursuant to "Fair Use" (17 U.S.C. § 107). Like any information resource, use your own judgement and seek out the facts and research and make informed choices.
