Massive spam shot of 'Storm Trojan' reaches record proportions | Ford Explorer - Ford Ranger Forums - Serious Explorations

Massive spam shot of 'Storm Trojan' reaches record proportions

Blee1099

Evil Asian
Moderator Emeritus
EF Vendor
Joined
March 3, 2002
Messages
13,890
Reaction score
43
City, State
Elkridge, MD
Year, Model & Trim Level
04 4Runner, 22 Silverado
A massive spam outbreak that tries to trick recipients into opening a file attachment that can hijack their computers has already broken records, security companies said today.

According to researchers at Postini Inc., the spam run is the largest in the last 12 months, and more than three times the volume of the two biggest in recent memory: a pair of blasts in December and January. "We're seeing 50 to 60 times the normal volume of spam," said Adam Swidler, senior manager of solutions marketing at Postini.

Arriving with subject headings touting Worm Alert!, Worm Detected, Spyware Detected!, Virus Activity Detected!, the spam carries a ZIP file attachment posing as a patch necessary to ward off the bogus attack. The ZIP file, which is password protected -- the password is included in the message to further dupe recipients -- actually contains a variant of the "Storm Trojan" worm, which installs a rootkit to cloak itself, disables security software, steals confidential information from the PC and adds it to a bot army of compromised computers.

Irony, it seems, isn't lost on the attackers. "This is really a self-fulfilling prophecy," said Swidler, "by warning users about a worm attack to get them to click on a worm."

There's little funny about the attack. "We're seeing both a very high volume of spam and a self-replicating worm," said Swidler. "This combination is kind of sophisticated. It's technically sophisticated in how they package the payload, but also in how they're trying to fool users into clicking on the attachment."

The malicious spam, Swidler went on, tries to convince users that their computers are already infected with malware and now part of a botnet. "They're telling people that their e-mail access is about to be cut off, and that they have to install this patch to continue using [e-mail]."

Postini has already counted nearly 5 million copies of the spam in the last 24 hours, and calculated that the run currently accounts for 87% of all malware being spread through e-mail. Spam rates have jumped as well; Postini said 79% of all e-mail is now spam, while rival MessageLabs Ltd. reported a 13% jump in spam's slice of all messages in just one hour.

"Expect this to grow much larger," Swidler said. "It should top out at 60 million messages within the next 24 hours."

Worse, the malware bundled with the spam is self-replicating, so it's able to sniff out e-mail addresses on infected PCs and send copies of itself to those recipients.

"There will be a fair number of additional infections," Swidler said. He warned that even when the spam campaign exhausts itself, the newly compromised computers might be able to sustain large quantities of spam on their own.

The spam blast also includes a host of randomization and antidetection features, other researchers said. "E-mails are randomized with different filenames, different passwords and different binaries within the ZIP file to evade detection," Ken Dunham, director of VeriSign Inc.'s iDefense rapid response team, said in an e-mail. "And once executed, the worm communicates over a private peer-to-peer (P2P) network to update itself."

The latter is a longtime characteristic of the Storm Trojan family.

Because the Storm Trojan has been assigned several different names by antivirus vendors, it's difficult to determine which security companies reacted first. Some, however, have already created new signatures to sniff out the malicious payload. Symantec, for example, noted the new strain on its Web site, but said there that it won't update customers with the detection fingerprint until tomorrow.

That may be too late for some users.

"It is highly likely that this latest attack will result in many more downloads, pump-and-dump attacks and more, as seen with former Storm Worm attacks," Dunham said.
 








tdavis

Linux Guru, Jack of All Trades
Staff member
Admin
Elite Explorer
Joined
January 17, 2000
Messages
6,699
Reaction score
150
City, State
Pinole, CA
Year, Model & Trim Level
2001 F250/XLT Superduty
Callsign
KG6MAX
I saw that, and I am checking to make sure explorerforum.com's spam software setup is up to date enough to stop lots of it.

The biggest problem is lots of anti-virus programs will not warn you on this one until you update - and the updates for a few aren't till tomorrow... :rolleyes:
 


















'97 V8

Explorer Addict
Joined
April 2, 2005
Messages
3,614
Reaction score
1
City, State
ft. knox ky
Year, Model & Trim Level
'97 mounty 5.0 4x4 baby!!
Well, anything like that is already suspicious. If you open something like that, you deserve to be trojaned :D
 






Blee1099

Evil Asian
Moderator Emeritus
EF Vendor
Joined
March 3, 2002
Messages
13,890
Reaction score
43
City, State
Elkridge, MD
Year, Model & Trim Level
04 4Runner, 22 Silverado
Just be on the lookout for e-mails with the following subject fields:

A killer at 11, he's free at 21 and kill again!
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
British Muslims Genocide
Naked teens attack home director.
230 dead as storm batters Europe.
Re: Your text
Radical Muslim drinking enemies's blood.
Chinese missile shot down Russian satellite
Chinese missile shot down Russian aircraft

Or attachments as:

FullVideo.exe
Full Story.exe
Video.exe
Read More.exe
FullClip.exe
GreetingPostcard.exe
MoreHere.exe
FlashPostcard.exe
GreetingCard.exe
ClickHere.exe
ReadMore.exe
FlashPostcard.exe
FullNews.exe

It is known in Symantec as trojan.peacomm, or Small.DAM [F-Secure], CME-711 [Common Malware Enumeration], Troj/Dorf-Fam [Sophos], Downloader-BAI!M711 [McAfee], TROJ_SMALL.EDW [Trend], W32/Tibs [Norman], or W32.Mixor.Q@mm.
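One defensive use of the indicators collected in this thread, as an added example that is not part of the thread or of any product it names: a small Python triage routine that checks an incoming message against the subject lines and attachment names quoted above and, following the article's description of the lure, flags a password-protected ZIP whose password is handed over in the message body. The sample messages, the placeholder archive, the address values and the password regular expression are constructed for this example; the indicator strings come from the posts.

```python
"""Heuristic mail triage for the lures described in this thread (added example)."""
import email
import io
import re
import zipfile
from email import policy
from email.message import EmailMessage

# Lure subjects and attachment names quoted in the thread (compared case-insensitively).
SUSPECT_SUBJECTS = {
    "worm alert!", "worm detected", "spyware detected!", "virus activity detected!",
    "230 dead as storm batters europe.", "re: your text", "british muslims genocide",
    "chinese missile shot down russian satellite", "chinese missile shot down russian aircraft",
}
SUSPECT_ATTACHMENTS = {
    "fullvideo.exe", "full story.exe", "video.exe", "read more.exe", "fullclip.exe",
    "greetingpostcard.exe", "morehere.exe", "flashpostcard.exe", "greetingcard.exe",
    "clickhere.exe", "readmore.exe", "fullnews.exe",
}
# "the password is 1234" / "password: abc123" in the body: the archive password being
# handed to the recipient in the same message is the tell the article describes.
PASSWORD_RE = re.compile(r"password\s*(?:is|:)\s*([A-Za-z0-9]{3,})", re.IGNORECASE)


def zip_is_encrypted(data: bytes) -> bool:
    """True if any entry in the ZIP has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False


def triage(raw: bytes) -> list[str]:
    """Return the indicators found in a raw RFC 5322 message (empty list if clean)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    subject = (msg["subject"] or "").strip().lower()
    if subject in SUSPECT_SUBJECTS:
        findings.append(f"known lure subject: {subject!r}")
    body = msg.get_body(preferencelist=("plain",))
    body_text = body.get_content() if body is not None else ""
    password = PASSWORD_RE.search(body_text)
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        if name in SUSPECT_ATTACHMENTS:
            findings.append(f"known lure attachment name: {name!r}")
        elif name.endswith(".exe"):
            findings.append(f"executable attachment: {name!r}")
        if name.endswith(".zip") and zip_is_encrypted(payload):
            findings.append(f"encrypted ZIP attachment: {name!r}")
            if password:
                findings.append(f"archive password {password.group(1)!r} supplied in the body")
    return findings


def make_encrypted_zip_sample() -> bytes:
    """Constructed stand-in for the lure's archive. zipfile cannot write encrypted
    archives, so a plain one is built and the 'encrypted' flag bit is set by hand in
    the local file header (offset 6) and the central directory entry (offset 8).
    The member is a harmless placeholder, not a program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("patch.exe", b"placeholder bytes, not executable code")
    data = bytearray(buf.getvalue())
    data[data.index(b"PK\x03\x04") + 6] |= 0x01
    data[data.index(b"PK\x01\x02") + 8] |= 0x01
    return bytes(data)


def build_sample_message(lure: bool = True) -> bytes:
    """Constructed sample message: lure=True mimics the campaign, lure=False is benign."""
    msg = EmailMessage()
    msg["From"] = "alerts@example.invalid"
    msg["To"] = "user@example.invalid"
    if lure:
        msg["Subject"] = "Worm Alert!"
        msg.set_content("Your computer is infected and your e-mail access will be cut off. "
                        "Install the attached patch. The password is 1234.")
        msg.add_attachment(make_encrypted_zip_sample(), maintype="application",
                           subtype="zip", filename="patch.zip")
    else:
        msg["Subject"] = "Re: brake pads"
        msg.set_content("Here is the parts list we talked about.")
        msg.add_attachment("part,qty\npads,2\n", subtype="csv", filename="parts.csv")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample_message()):
        print(finding)
```

The subject and filename lists catch only this campaign's wording, and the article notes that names, passwords and binaries were randomized per message; the structural check (an encrypted archive plus its password in the same body) is the part that survives that randomization, which is why it is scored separately from the string matches.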
 












tdavis

Linux Guru, Jack of All Trades
Staff member
Admin
Elite Explorer
Joined
January 17, 2000
Messages
6,699
Reaction score
150
City, State
Pinole, CA
Year, Model & Trim Level
2001 F250/XLT Superduty
Callsign
KG6MAX






briwayjones

Manual Master
Joined
December 11, 2003
Messages
4,460
Reaction score
6
Location
Maryland, USA
City, State
Eldersburg, MD
Year, Model & Trim Level
2000 Ford Explorer XLS
BAN HIM!

just kidding.

I deleted it. :p:

Whoa, my screen is starting to swirl. Wooo, crazy, I'm going dizzy. Red Screen Of Death aaaaaaaaaaahhhhhhhhhhh................
 





