Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Networking

    Storm Worm Uses YouTube Ruse

    By
    Brian Prince
    -
    August 27, 2007
    Share
    Facebook
    Twitter
    Linkedin

      Security pros are warning that distributors of the Storm Trojan are now using a YouTube video to lure users.

      Contained in e-mails with subject lines such as “sheesh man what are you thinking,” the malicious link claims to go to YouTube.com, but actually goes to a URL harboring exploit code.

      “This is the first [YouTube] lure that the Storm folks are using but not the first that has used YouTube in the past,” said Dan Hubbard, vice president of security research at San Diego-based Websense. “There are a variety of e-mail subjects and bodies but basically they request you to view a video.”

      Dave Marcus, security research and communications manager at McAfee, based in Santa Clara, Calif., advised people to use caution when clicking on links in e-mails. Clicking on the attachment associated with this particular attack will infect the victims machine with the Nuwar worm, Marcus said.

      “Malware writers continue to use social engineering tactics to infect a users machine with a copy of Nuwar, this time latching on to the popularity of YouTube to lure people into clicking on the URL,” he said. “We expect these spammers to continue to use these types of tactics and it will be imperative that users get educated on how to avoid becoming a victim.”

      Click here to read more about the Storm Trojan.

      A study released Aug. 27 by Websense found that 12 percent of responding IT managers working for SMBs (small and midsize businesses) had no way to enforce their businesses Internet usage policies. The report surveyed 450 IT managers and employees within the United States.

      The study also found that business-owned computers were left vulnerable to security threats for more than 21 days, on average, despite the daily updates promoted and offered by operating system and anti-virus vendors. Only 4 percent of SMB employees surveyed had daily security updates on their work PCs and 11 percent said the security software on their work PCs had never been updated.

      The results are bad news for those concerned about the spread of the Storm Trojan and other malware. According to researchers at McAfee, users who fall for the latest Storm Trojan ruse are directed to a site containing an image that tags back to YouTubes logo.

      In the background, an embedded, obfuscated JavaScript routine launches several browser and application exploits to infect the users machine with a copy of W32/Nuwar. In addition, if a machine is fully patched, the malware author has a backup plan—wording on the Web page meant to entice users into manually downloading the virus.

      Hubbard said the overall resources of the attackers, the planning and the resilience built into the infrastructure are why the Storm Trojan remains such an active attack.

      “This is clearly planned out,” he said.

      Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.

      Brian Prince
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×