NOW READ THIS
("Security Advisory")

Go Back

---

Submitted by: Bill Hickey
NCVA List Master

NRT-0068 New Storm Trojan Variant:

A new variant of the "Storm" Trojan is injecting its come-on into blogs, web-based message forums, and webmail as part of an effort to spread itself to an ever-widening net of PCs. A principal research scientist at Secure Computing said that the Trojan - best known as the "Storm Worm" but also pegged as "Peacomm" and half a dozen other names by anti-virus vendors - is using a novel approach to spread. An initial infection is still carried out via email, which touts a link that when clicked downloads a number of malware components to a victimized machine. Once on a PC, however, the malicious code injects itself into the network stack as a rootkit and analyzes all outbound web traffic. The Trojan has looks for boards, email, and blogs. When a user on an infected PC posts a message to a forum or blog, or sends a message via popular web-based mail services such as Hotmail, Gmail, and YahooMail, the Trojan adds text to the entry or message.

(Computerworld 27FEB07)

Last Modified: Sunday, 04-Mar-2007 10:01:22 EST