|
|
|
Spam Spreads Storm Trojan Across Internet
By: Brian Prince
2007-08-22
Article Rating: / 1
There are 0 user comments on this Network Security & Hardware story.
The Storm worm spreads through daily spam ploys, including e-cards and security logins.The Storm worm continues to sweep through the Internet, this time via a new series of spam e-mails that use login account confirmation details as bait to get recipients to visit malicious Web sites.
The TRACE (Marshal Threat Research and Content Engineering) team reported the spam e-mails appear to come from a legitimate organization and offer recipients temporary login confirmation details for a Web site. The spam uses text such as "for security purposes, please login and change the temporary Login ID and Password" and includes a link to an IP address that is actually a Web site infected with the Storm Trojan.
"We have noticed overnight a strong up-tick in the volume of confirmation spam from 18 percent of all spam yesterday to 35 percent," said Bradley Anstis, director of product management at United Kingdom-based Marshal, in an interview with eWEEK. "This suggests to us that many people are getting caught by it. This is not surprising since the malicious code itself seems to be morphing every 30 minutes or so, making it very difficult to detect with AV scanners…The Storm Trojan has been in circulation now since early this year and is quickly becoming one of the worst offenders of all time!"
 Click here to read more about the Storm worm.
The Storm worm first touched down on the Web in January. Also known as Zhelatin and Nuwar, the Trojan spread through massive waves of e-mail with subject lines referencing a major storm in Europe and other current events. In the ensuing months, the group behind the malware used a variety of different kinds of spam ploys, including malicious e-cards, to propagate the worm.
Earlier this month, Atlanta-based security firm SecureWorks reported the number of hosts launching the attack via e-mail had jumped from 2,815 in the beginning of the year through the end of May to a total of 1.7 million in June and July.
Finnish security company F-Secure warned about the latest twist involving the Storm worm Trojan.
"A few times over the last week weve posted on how the e-mails used by the Zhelatin/Storm gang have changed, so we werent too surprised to see them change once again," a F-Secure researcher wrote on the companys security blog. "This time though, they look very different as they talk about you having signed up for different services such as MP3 World or Internet Dating."
Anstis noted the new "confirmation spam" outbreak has been launched by the same group that launched the Hot Pictures spam campaign earlier in the week. Though in the past, spam campaigns such as the greeting card campaign would last for weeks at a time, spammers are now modifying or launching new spam campaigns almost daily, he said.
"They are trying to stay one or two steps ahead of the security companies. It typically takes a lot longer for a security company to react to a new threat than it takes for them to release," he said. "In this case, the Storm Trojan in all its guises is getting a lot of press, e-card spam, PDF spam, etc., so users are quite well versed. They have to try new techniques so that they can continue infecting PCs and expanding their Botnets. With the malicious code they are using to infect people morphing so often and also other clever techniques like refusing to launch in virtual sessions, it is making it ever harder to track and detect."
Anstis advised anyone who receives a message like this from a person they do not know, or have not heard from for a long time, to delete it without opening it.
Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.
|
|
�������x}r۸j�9km"u#Mɖ�kŶ,%^I*�EB��ERv4s'ˮ��O7�t%_q*D
th4�?�{$sG3L{B.�cnQ?sOuޙ'76{�R(-GFgP+N-w5� E]0eNFNv@\��}@^sF7��D%x�_'Щ=ѩ&wɔiPoل͙ؗ6}^~b�.hѱ
⌳Il/G
t�yG`aFNo�Vs7-R�#X@v�Ina�>E�4fEQ
udnxЖ-AA9E,[3SAVU�̠`W:k1㝩S9m<]st/۽>9]vCGV=Bg#j�`Bm�iue_Zr�n`KK']įg��b
M��u4}GuISw2x!�z|=!9Io'�ɿ���پBds#�7�g�$�cM�|�Ah�2T��a��]v�joX ^YKS�70���3�h�_]#w���a4F�@L5�&�h�)5?�&F`Ma�b&DJH7�R��uRU/��(AM/�-
�5|*\($ٛ�"G�;�z̈_��"ʥ��g�p1S{l�.S4�epq��
^oVW͉:]X]uUjZnE?´Tw9yi
_wڤջEo�ǫ�g%",$��ꨦV+t�~}2,ՎJb�~�_1p�-~~j0B��m�]
:V|`6 i��vڌzh3�Ϩagfۉ9~��4$�AC66^lzK�4}j���>; ä��p;p|g�k�͇v1s�a �{>�0���sF}S`�I�
�l"�v|sc�м`y��na23fC?�F{7t$4�,/��{@`\@Z�8`�$8ʼ��E�]q�ksB�7}��ٜ�iL�L<�ģ\~v
(~9-R��;C/1t[t=JI �ڂ�"D%� T
h��4�Aǰ�E�EN�Aw;�.Vʥ�\.y"�m':Ν3T�ڹLX.QY,p[/ �͙JRdYu Q="`&�Qea*0pRx5Qn-`oJ#UWj& MX,�C�t�H{<7-` ��[N@�'4$f.*d٦39`�'s<�4ğN'}Ǻd��׃�+L+f9�L)A\_X�H�aA�4m)tsfڰ`DWj�m>!4ÃiА4XԹǦ�Z&5�SF`ߒ^86̜07ÚL ~D�'�詉m>`�4fs)wdm˴o��roBoڅRT眺_dA�_fMj�lȌu>IVB!7O wf@nmhIʅu.F��*�kb*q��(�5zS\O�Όō$����ЊOW}��?ٲZbY6 U7v/KƠ\>�_�R[k�(
M��2L����Z1��D�4$B]�`}.�e�G�QH�īl�-
ד6��:6pȞc}nP
rQ�jS#S�V+��a�5sV@��@��@�7h
��,9قrij>::N��X�點vo���w6�*'�l|0ː
;u�m
CM5,��v&Ԕ�fj:Y[���^�|��'��+�ȁUrqXkjpp0vVׅ=%
ΥOxMNp��v��9Je!6�c�{ji-6�ӞWH>LZ`!?r(1�IO5 &^PGe��d�^s`M[`R9cDzl lF� CQZ>-L.L{�� ��ipj^��ER��i�If~~i~R`T88l]~w�� 2q͝a&�?@��R)Ö13gdim&[ǙXT'j�bPI}'Xk5�F�><}*O|INtxK�F� "}��y��jm��sm�!�X`j H"*U�`n*vVѱ(�թ%6=@�,.�&Dtm?`�"#>}ڧ�ns�sQ*J73 R�ۏ�ZV,֪15V�\=*)j�7+|�&9�)R3Kuq�'|m1/N_o�>4F�xP��Joο�C0t�.tȕ`s|eL�Fմ�lxXa�$��Z`�F%*'�L)`�Ճ{3�M\PvSmf��
��"8&�Զs�w�q�5�`EY_o͑z,L�HT0��v#�3�Ho�a7X[�RkE}vW�7{%|h��#Q�
j`��
Kx{�ZCAm3۩w]܁c:P=H(T�g7gMEH]ac6U�{z@n�)ZmMӓU;4
OcIۛ��ojA-rF3�7��=_`�%�t�o@șY%7Gj3m9�7a~���<��(Gcj9K�XDOb+�>A:+lmBs0X3f~����ty{�Wz�&[�w5v �k�3_�?J}�[Lߴ�@V1m0]��̞�̙�A-m��ۨu��L�
j+6Xk�<�
�v-H�^{~w?I�L=�},�J�L�H-ǯ �i3FɁ㚺/ksOgnu"+JaHxG�2gd7(Ъ���#�iA/%{�N1 Qv}b;_&I|SeUȃV��8�2�V6jR�aokA~�fZX)#=�'0R TQ��O3(~�(zC9ku��uA>nRXS,.=HMX�JP?ITAte]T1n?cVPVW`Zd&s�\%\{s��i0o)QJ�3["X.DД�7Ϩ��3�Rb�
�
kQh-Bwyr�`�0W?�4$Nb�VqDMc?ր�h)k03f�Y�VW$Ԛ�kEI=NM��= h˃Q�aߏC�WuRԣ{{�C4}3݀��,�L)q31�Ȕ�ɹT)j
b[-W+��c"�a�!`0�T}V�D(�,E~w9ـo9�|R)T*�GrF2�R@BRNbx<'�b{H
'
a�V*S�7o~.Rȓ#�cI`���q��`w0Db*nL5 1114/xq~`�zY�_�%�/(0�h_�pm;U.:;b~g]ItM=8;$ES.�i{��0q�3f^;.� �3�9tߞ
<�{~sq 4
}$u/��U˻m{zg�a\[Tez�LR(���I�]�1�~̮Wv{V0lgA�hy# @$+ǽw!\v/ŗtOzk~�w/;R1AJ`'��u}{yȒu4*$yu�p|hq0)MF"0S�t՟��6� B�@�k,�8�;XMr! }%�=C٠G�h�Nٮ�{k^�+[���5�̀o $��`��P8����ǀzB�:�[�#i%�LB[(�
�`M/)�(+RJ)"4FL |�ڝu3��_f�3Rt<~Qr:aKѷo%Aߐ>1Kw�xE�xW(���hL�VfsF;@z�d�Nlp
jwySr�F�4/%a�]Z�ins
zsHaP;DZ3pu*hhw�%;yRb}�b%&h8W߅M^N4�~x�r�'|'xj��}yU�Y^K=t#J^uofܣ�ky~"ѴNxL�7Ď#^@(NVu2k#�x/�[_YN.t0o�C�9]#ޣd=tWc�L[ ;S>^Y��]s6�ͥ��O̴E�{�wmhG(V#w9c99P�a8:ʳ/q1~<,�?4fڈb{7 A皴.?�@
�̯�>��H-@N���^>2ǯQ�p]9Qz ACvgN~71n7~v_7�a4tͥV<�'i?{Ҿ2CWq���:i)`*9$�Dh�H^ݍd_"+2�NI˅^t;>�ri���,Fs��d3D?�ye1>�R35�4|#�y~cI�.�~�(TR��/aO�,J麇\%��(�]MT-/^\RK_ϫ����@< b]_��I{O�z�YX�dbQ+Wفg�
?
'|ȞF8^Xki��2��>
ZA#^؞qbL�px�2�HB%��wVp�N
Ov ��%�FJMc-ێ��!%�h�vpmU8"�Zy$N0 W^L·⎭zgQ�(�|[qzHV�_N�LRGqlh`j�x?F��'sfd2e3R,WDI#/z�{�_p��K2�.?eځU\.��7&"L$a!Ǝʰd�9fY_�J4\/=��B8�rYp>yQeM�YFN�7/bM x-:w�8)�Caf#>gG�%obGLب)@3�%<�,v�F<�Me"-#Lf>P���K�72�g@=R��cyVгxLϜtn��jqښĴ)ᄛ�S:��6|2j"gν4pVdzuF�jv����BF[�6|p4]["�P<�I�^�eFS8霪UWT0e�~db�wĦ_��Lːb"9`�e͢^04=
�k�.
e�j!�z�\Tˏ�W /G�p ּA.�~"]3�1Y t�D�,P�7O�zEQ!-�7W�9_s�����JCth9G{eg(ާL��o�c�x�K}WI}dq[�]�8RIHRQe!b��0C��³��hDaY -'DYῇ)Q�rű���5Wo�_�|%)^'Oe0Lt`d0�#
LNOtK�M%^,*Yl>.O8,a�E��R�a��b)�"�>Jm[)>}D܁icTJ3/-S xB)��DTJVY��`�' XD§"�a6Kqг�!AL�xImSzvm�CE)�*�.�e�P.L��m7-��R�*4U _ZU� ~@5˗`@�,2;4EYL���@8��$�0�,C7
��[ܶ殌RRy>FRǞ`8|l2Ǎt5�d
�`ҮkR�XT`�� � �I� $�y� �a"$Ψ7w}cWƪIJa[ƪ>�J�氎0Y�1q�c'(K*YKDB0�DN�$��ߖrz�IBj<�ǽ�Ue\l�c�� )N�/,KzA$GD|ʧ�4m+XL�&?|f�7ϛ@}��~s3f #T0=#吕N;gw$c;��[f鷸q,;3�܃E-S�åJR)ז��x�De���,�`�K�X�<��٩��i>-Y욠WK�SP:�+m]�"�F�c+ܢ@Q=]KMMM2fI�n;w�5a485-f8'0P�~ԑ�x$?PU'�cH�#] o嗲>.�Q)Rkc6@v�`;" A,1�A۵R�]jo
WD*]V#�gtak<7h!ug�XԦ�˲yg��X(�ih�<7hg4�U}i:Ez� YZ zчۙgBhRY�XjAy�%\^JM [$0��(�U||@C��BoyEh�|n|?$<7777fKj[f4�#}(`jS+�A�t0,Fԓjd٧ٷ`1 1��
���57|if��GC@Oe5Bg�U3dgb6[~a|�Ή|�6wߺAE�o}�(����
!~8��~�·7�-mkrC%Fc�)Кo�Gms\}6����\к��I@ )��B<�p�5o�5�4X�F?`wo�ux_oJj$ Ȇx>\*_][N;\h�1t��n*vT�Xw��<0݈]{ fV6�_�KW�ԓqF�m8^���L"q[¢`&L��:K���Xb{X2+�>��Z�V˟2+#w��5 +ly_u:��?p�WrηD�R|WA ſ��Gon鸑*c:ٍ HB�*D)�M�찆_�s )_LfERr��j���ߦ�#m_u�a}r�^�%�j/{�*�Gg�]I:gw�=W?�%4�C2Ć?a+I�iqlrG�g3&e<�-~dp"�=|2�+b98\!O<@1��;>f3h�Νc�
P�5?}ejg闺UpwQm}D`2�fW˲뿑$ye�1fF,�C"&Hm~�90�Ǽ�j�c"g5?ta�[<�ፈ=Zd�sSٿggaQ?(��es�Wo|֊�[NiΞCm�,%��\k>��ͨ4$pF{��#O_!^>�9�)�PAgt~GD)ޒ~R/fSx;a�v�f0}P�C�u&o[{�ωZT9 ?�KL)PG!�?A~2g5ǽST#䉯LHo�û�H���~���Vp�4��cD'|Ӕ]*KJA�k)'>?�F3(U6^g�Knb+\��*@,¶a�M�)ȁ.c6+1�ʱ, <~܋!&ƘKjxZ-ԕ|�%Jӊ,w9]�dDo-?5�j֘1"h*B Uٜ�AK5�l.��*Z!Ѥ�F�n�Zj>A;�l{�3#�lzZC ��JOk&
�a�v̈́+|�W@O[jk,YJ�%YթHo�,;]�yr�O�E�8a$܉J&$��y c'>tk��6٦KMµOuAʥ�8I֡Q��Dc�'`&Ub�
�BYTjGn��z O�YZ+)`{T��1mX5n�V9;aN�I�\�1꣱nb�0/RVIaJl~'�dM,+Z|U:�e|%wEB�ܶXN/{L'`߄����8g�:{ѫbR=Pk�;�8o�F_
�6a^FgZq1IG)Ɓ}o #b2z�ޘ�;6�#�Y$��Z
`Oh$�~bH]�-SWld""@Ո��^�_�ٹt!?s?��>zxX�2
dQ_���ۀu��e�mAG��@Gs�sEp|t@�!'vQ]Q
s�>xC�[7��ΥiC 3:<4& .ycI�� �^yN4X/n��|�+R0cE)'��t'Чx-nVX;z+i+*K����9I͑1;�^h`�50 }a3br�L5vt�wMZ!ՠۻ$ǝ
M¶-�J-�e��OzW�O�x0�cal\[d�_T
ΓQ�9l]t283E B*rK��x5�<
/g%�qx&0f/�EAwp�D(/�* F^-ÀacB�n_w}5Zq-;�Y�'>;d12�ZT��m�x9j��0FIg p��!>Ew;'�һ䚡IJ/�3AOP)�ʯ7S[�=(e#�6�NF l.?�f-mF߾ϺYwsykv�пnF?ӽ(w3kg�y�|��s�_d�/�}/2{�Ƞ��E�^�^d'e��CF�e�Q~���0�{ s!?0~�׃2�?=/�r�q�WU?����~��A�
�\�}�}�Y߇�>�>d�oʁo2�ڿh�&s$eCPʐ�.N�p3˹q�+/ޯv3y%^�ć�^Tk6:�5Q3[� ÈC?�s
H�yiW�zY~8=has;Ȟ�^�e|xza�Qd,m�4�q<��9s�Yu8��%��� ~�HM�ԳpN٥8_Ѱs�3@�z:}K=s�qo8��5c[&�4HΝJIUKJ�~+jZ�'\#a�W� *+�P#}a`J^.U�&���K=#
��.=m^t f�5ϡ'�!�pC>fJ-�@ P��1�=:1`h$
Y�ۼx�[T�;7i5�@)8��?,�(�s��[^F�lO��B#V��xɛ3ʯcť��6�%bn�1vK�u¿.ә@p&=ӄ�w�Y!D˸��x�4@;4�Dݴ)9P3�l1@xLs�\hn2�&23M{:�t\x| "e*sCvO!�f-Nؒ1b�QURۨWy�ɑ"9<���;$}�F(s1>r��^��F�`˫iBO^#�.sD`a\m�8JuI}6]t�R�{ -\HZ�oK>X�v7i\-�XK$LOew�o^§n3A ��Az��m
�ok>M45~�ɱd�(� �k�EF(�t#by��ܝ0m��>8Ï }]pz5sڱ
E�qgBV?��"�d`�L_�k&gF,jx�Y21~_�& �$Ҵ��`Yf�}^(u60H-��z 3��*\='�fSH�!L�&!?��>KGJ��Ǝ�$z�6o��9/�Fs�{Pd��>x*8�"�2kH�2s�{D�|%ЄZ�{J�fBM�'K�Y�Ǧ e4p5|OX�9�VX#e� �^1�PSFӽ"}J�%8�~ C�
>%�v�
j�T��F\�gȌa)x�܃�AGR(�~Q�~xzA߭Ud#ə
B|��,+-
O*_HQq1^R�s]q퀷!4OJ�{X�|@ăx!$K�/<�>,D*�9"[�o
%�P�@EikI/?H3軉Wd&%�}YQ ��v.ykhFʪv\|j'� ]*��KxrHqpC>��~؋|!O�
ϻy�H�O)t��Iw`Q
1��|�j7;5m�Te]ƌQYɶ��z
S�OF=Ƣ�u+�ğ? \��cwH�V�Lt>;Oulם8G#
P�⁜0ћ.[c� :۳|�?� O�e Lt4/o90�kn>7Q$�Ly��i!zQ�;ˬ`+��Ls��~���0qGĶ2C|R2k̜Upv�Rv������?93O�9�9jze Ǣ8"U]�6s�P/>yGׂ}Q'�a|dt-+^FzL��!oҮ\)V�bʕ.S�ܟ=BKa��҇fHEW�k^��zX�տbWS>�n)ZF�,ck-�ԭ<�P0��@AC.vz]�nFQa#�®54-o���v�ѩ���ߩ�n3QaW_<�tcbS,HڙB�X�<ٰ���s�W=?5f��l�5ƿ;ajn,eH&}kqd.�D�I
qk,�Ma4,Lb5��"[]QI�(`�vX�3�3}"@a)5ZBLN��Po�3pRaL ��y/b[и�[zw0�XjPtP�9͓wZ��0��
��9\Mhc{pfif�#3�S.f� Ax��=`#hxj<���nh1)�d'kI���'�'�R!la,�9�r3 ˅Ej F.�t1��R04xq�Ba��ʩȩ(v�}_|J�Ѭod�;j�+s�ʧ=I�~�p��03�Vt*N�o睕 P.�i{T�34[;��?;��o:a}BeFBl4*�7۳y:�?#Koyq˶�VP��- QwA0��}U^MVz`o��s�g�|�oU��AFCQ+j5�Nb�i|ۊX�#iQg�rYORե{ol'�uE^8�%ܖmJHQ&s)#KM�\eZ)M�j39Q��2kG�skq�>tgLp�-�ͱeRZ`l/Z6?x-'��
|
Network Security & Hardware 
