NOW READ THIS
("Security Advisory")
| Go Back |
Submitted by: Bill Hickey
NCVA List Master
NRT-0287 Storm Worm Attack Shifts From e-cards to Malicious Web Pages:
Researchers at SecureWorks discovered late 08AUG that the Storm worm authors have taken their full attention off of e-mail-based attacks and have started creating malicious web pages. E-mail-based attacks - phone e-cards and fake news alerts - have worked exceedingly well, helping the attackers build up a botnet at least 1.7 million strong, according to SecureWorks. Don Jackson, a security researcher at SecureWorks, ascribed the change in tactics to the fact that IT managers and consumers are getting better at blocking or at least ignoring the e-mail attacks, so the Storm Worm authors are setting up an alternative attack strategy.
Jackson said he spotted two malicious web sites that have the Storm attack malware embedded in them. One site was set up specifically for malicious purposes, while the second is a legitimate site that attackers hacked into and infected. The attackers are using IFrame, which is an HTML feature that makes it possible to embed elements of one web page inside another.
Before the Storm worm operators began their attack, an average day saw about 1 million virus-laden e-mails crossing the Internet, according to Postini. Then on July 19 Postini recorded 48.6 million and on 24 July researchers tracked 46.2 million malicious messages - more than 99 percent of which were from the Storm Worm - said to be the worst malware attack in the last two years.
(www.informationweek.com 09AUG07)