February 10, 2008   Sign In |  About ebizQ |  Contact Us |  Join ebizQ Gold Club
Peter Schooff
Peter Twenty-Four Seven Security
 Peter Schooff's blog is a daily look at what's going on in the world of computer security with an emphasis on how it affects businesses.

« Does Stock Spamming Really Work? | Main | PhishTank Seeks Bigger Tank »

January 23, 2007
"Storm" Worm Raining Spam

As the "Storm" worm makes its way around the world, experts are predicting that as the worm infects more and more computers, another big wave of spam is soon to follow.

The storm worm is being distributed in order to set up another botnet, or a network of infected computers that can be controlled by an external master computer. The worm, first uncovered Jan. 15, is being called storm because in the subject line it references a major storm in Europe.

Like a tabloid newspaper prospecting for readers, the subject line attached to the malware varies between, "230 dead as storm batters Europe" and "First nuclear act of terrorism!" As reported by Eweek, they say that this is another example of the rising tide of social engineering spam, which is spam that plays on people's fears to gain access. The spam contained attachments titled "full clip.exe" and "read more.exe," and once opened they create a backdoor can be exploited in the future.

Since that successful attack, which was mostly focused on consumers, a new variant has appeared with subject lines like "The Mood for Love" and "I Dream of You."

Commtouch officials said they identified and blocked over 5,000 distinct variants during the first four days of the "Storm" worm activity, and there were time periods during those days when the malware accounted for nearly 17 percent of all global Internet e-mail traffic.

"Malware writers know they have limited time before an AV signature or heuristic will be created to block any mass-distributed malware, so they break the outbreak into thousands of variants and distribute in smaller numbers of instances to maximize infection," said Haggai Carmon, Commtouch vice president of products, in a statement.

"Once AV engines battled to get a signature out within the first few hours of the outbreak, now the hard truth is that even these signatures are now becoming ineffective to protect against the first wave of each new variant. In the time it takes to write and distribute each new signature, thousands of newer variants are launched against which the signature does not protect."

Posted by pschooff in Spam |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1213

Comments

Hi Peter,

Since our trackback pings are turned off because of the incessant SPAM we get (ah, the irony), I can instead simply say, "Hey, I blogged about your blog," >right here!

Posted by: elizabeth at January 23, 2007 01:19 PM

Post a comment




Remember Me?

(you may use HTML tags for style)

We ask that you type your code (displayed below) in the text box.This code is an image that cannot be read by a machine. It prevents automated programs from submitting comments.


Code:



Most Recent ebizQ Blog Entries
ADVERTISEMENT
Subscribe
News Feed
Recent Posts
Categories
Archives
Blog Roll
Blogosphere
This Work
Accountability:The opinions expressed in this blog are solely representative of the blog's author, and not of ebizQ
Subscribe to our Newsletters
ebizQ Weekly Gold Club Update
Live Webinar Updates
Updates from ebizQ Partners
ebizQ SOA Update
ebizQ BPM Update
ebizQ Security Update
ebizQ BI Update
ebizQ Open Source Software Update
Virtual Show Newsletter
Your E-mail Address:
BAM: The Killer App for CEP
Date: Feb 12, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Event Processing Market Pulse
Date: Feb 14, 2008
Time: 12:00 PM ET
(17:00 GMT)
I WANT TO ATTEND
Archived Webinars | Upcoming Webinars

Marketing Solutions | Feedback | About ebizQ | Unsubscribe | Privacy Policy | Site Map