Close
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Cybersecurity
  • Big Data and Analytics
  • Cloud
  • Mobile
  • Networking
  • Storage
  • Applications
  • IT Management
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Mobile
    • Networking

    Spam Spreads Storm Trojan Across Internet

    By
    Brian Prince
    -
    August 22, 2007
    Share
    Facebook
    Twitter
    Linkedin

      The Storm worm continues to sweep through the Internet, this time via a new series of spam e-mails that use login account confirmation details as bait to get recipients to visit malicious Web sites.

      The TRACE (Marshal Threat Research and Content Engineering) team reported the spam e-mails appear to come from a legitimate organization and offer recipients temporary login confirmation details for a Web site. The spam uses text such as “for security purposes, please login and change the temporary Login ID and Password” and includes a link to an IP address that is actually a Web site infected with the Storm Trojan.

      “We have noticed overnight a strong up-tick in the volume of confirmation spam from 18 percent of all spam yesterday to 35 percent,” said Bradley Anstis, director of product management at United Kingdom-based Marshal, in an interview with eWEEK. “This suggests to us that many people are getting caught by it. This is not surprising since the malicious code itself seems to be morphing every 30 minutes or so, making it very difficult to detect with AV scanners…The Storm Trojan has been in circulation now since early this year and is quickly becoming one of the worst offenders of all time!”

      Click here to read more about the Storm worm.

      The Storm worm first touched down on the Web in January. Also known as Zhelatin and Nuwar, the Trojan spread through massive waves of e-mail with subject lines referencing a major storm in Europe and other current events. In the ensuing months, the group behind the malware used a variety of different kinds of spam ploys, including malicious e-cards, to propagate the worm.

      Earlier this month, Atlanta-based security firm SecureWorks reported the number of hosts launching the attack via e-mail had jumped from 2,815 in the beginning of the year through the end of May to a total of 1.7 million in June and July.

      Finnish security company F-Secure warned about the latest twist involving the Storm worm Trojan.

      “A few times over the last week weve posted on how the e-mails used by the Zhelatin/Storm gang have changed, so we werent too surprised to see them change once again,” a F-Secure researcher wrote on the companys security blog. “This time though, they look very different as they talk about you having signed up for different services such as MP3 World or Internet Dating.”

      Anstis noted the new “confirmation spam” outbreak has been launched by the same group that launched the Hot Pictures spam campaign earlier in the week. Though in the past, spam campaigns such as the greeting card campaign would last for weeks at a time, spammers are now modifying or launching new spam campaigns almost daily, he said.

      “They are trying to stay one or two steps ahead of the security companies. It typically takes a lot longer for a security company to react to a new threat than it takes for them to release,” he said. “In this case, the Storm Trojan in all its guises is getting a lot of press, e-card spam, PDF spam, etc., so users are quite well versed. They have to try new techniques so that they can continue infecting PCs and expanding their Botnets. With the malicious code they are using to infect people morphing so often and also other clever techniques like refusing to launch in virtual sessions, it is making it ever harder to track and detect.”

      Anstis advised anyone who receives a message like this from a person they do not know, or have not heard from for a long time, to delete it without opening it.

      Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.

      Avatar
      Brian Prince

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more
      eWeek


      Contact Us | About | Sitemap

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Property of TechnologyAdvice.
      Terms of Service | Privacy Notice | Advertise | California - Do Not Sell My Information

      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×