By Steve Ragan Mar 2, 2007, 16:12 GMT
Worms, Trojans, and other Malware are often very hard to fight. The first line of defense is “signature” based detection. This means that there are certain attributes often linked to a Worm or Trojan that allow vendors such as Sophos, BitDefender and others to detect and remove most infections. The key word is “most” because seriously harmful or malicious Malware code often has a way of growing. Changes in behavior and processes make the battle to locate and remove infections harder each year.
The Storm Worm, aptly named because of its original wave of targeted emails based off the winter storms hitting Europe in the latter part of 2006 and early 2007, made news by affecting hundreds of thousands of computers and users worldwide. In email, a user would click a link and download the Malware, which was designed to infect others by spam and turn the infected computers into zombies. These new zombies were quickly used to target networks and others with bulk email campaigns and DoS (Denial-of-Service) attacks.
Now the Storm Worm is making news once again. This time there are some serious changes to the worm, and these are what make it more of a hassle, if not a bit more dangerous. Secure Computing and researcher Dmitri Alperovitch said Monday that the new variant of the worm, ‘Small.DAM’, is making the rounds again. They also pointed out that email was not the only method it is using to infect computers and users online.
The original method is still being used, but now the Malware, once installed, takes on a new level of system intrusion. Once a forged link or attachment is executed, the Worm will install itself and, like before, the potential for Spam and DoS attacks is there. The new twist comes from the fact that the Worm will now attach itself to the network stack. This means it can read and analyze all outbound traffic.
This new dynamic means that now, when you use webmail such as Yahoo, GMail, Hotmail, etc., you might notice an extra line of text added to your message. The Malware will append a line of text designed to link to the software that will infect your PC: a simple message, something to the effect of “Check out this link” or “Have you seen this”, with a simple hyperlink that will infect your computer once clicked.
This also adds a new level of infection, because the same code that adds text to your outgoing email could also add it to forum posts or blog posts. Even comment listings on articles and blogs are vulnerable. One report cited an example of this appearing on the Men’s Health forum, and other places on the web.
Like the other versions of the Storm Worm, this variant requires you to click the link first before anything negative happens. Keeping your antivirus software up to date and using a software firewall, while not one hundred percent effective, will help slow the spread and prevent you from becoming another infected user on the web.
Bloody Hacker, Mar 3rd, 2007 - 19:15:41
Yarh.. it's getting worse and worse. Just take a look at the Myspace social network, which is considered heaven for phishing and malware.