DDoS attacked by fake e-cards

The number of machines infected by the Storm Worm has increased, says theregister.co.uk. Although the authors of this infection have recently limited their activity to spam, the growth is prompting speculation that they are going to use it for more destructive purposes, mostly for launching massive denial-of-service attacks.

Almost everyone who has an email account is familiar with Storm Worm. The name was given after malware-laced mass emails promised information about winter storms that ravaged Northern Europe. Since then, Storm Worm email messages have changed names many times, which demonstrates its authors' strong ability to trick recipients into clicking through and becoming infected.

The latest Storm Worm work is spam messages bearing subjects such as “You’ve received a greeting e-card from a worshiper”, according to theregister.co.uk. After the user follows the link, the malicious code is installed on the system and the user becomes part of the same network as the original sender. As a result, the user's machine starts sending the same e-card messages or spam containing PDF files. The people maintaining the Storm network are probably aspiring to greater things, for the number of infected machines is growing constantly.

One guess is that Storm Worm is building a network that could be leased out to hackers, who could then launch a massive attack on a large company or even an entire country.

There is also an opinion that the Storm Worm's purpose could be to DDoS somebody. One of the investigators of this network stated that the idea of having a virtually unstoppable DDoS net could be driving this.

Storm Worm combines social-engineering savvy with technical prowess. It relies on peer-to-peer technology for updates instead of a centralized command and control channel on an internet relay chat network. That's where the secret of Storm Worm lies.

Another trick by Storm Worm is that instead of being connected to a single IRC server, it is connected by P2P. Therefore there is no head to cut off. Basically it is impossible to kill Storm Worm.

Storm Worm also frequently alters executables that get loaded during startup, instead of relying on traditional techniques of modifying the startup registry. Those traditional techniques are better understood and would make detection easier; for now, detection is almost impossible.
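A detection check for the technique above, as an added example that is not from the original article: it baselines the hash of every binary an autorun entry points to, so an in-place modification shows up even though the list of entries is unchanged. The file names and the `snapshot`/`compare` helpers are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(autoruns):
    """autoruns maps entry name -> binary path (what an autorun listing shows).
    Returns entry name -> (path, sha256), with None for a missing file."""
    return {name: (path, sha256_file(path) if os.path.isfile(path) else None)
            for name, path in autoruns.items()}

def compare(baseline, current):
    """Report entry-level changes and content changes behind unchanged entries."""
    findings = []
    for name in sorted(set(baseline) | set(current)):
        old, new = baseline.get(name), current.get(name)
        if old is None:
            findings.append((name, "new autorun entry"))
        elif new is None:
            findings.append((name, "autorun entry removed"))
        elif old[0] != new[0]:
            findings.append((name, "entry path changed"))
        elif old[1] != new[1]:
            findings.append((name, "binary changed, entry unchanged"))
    return findings

def demo():
    """Constructed scenario: two stand-in startup binaries, one altered in place."""
    with tempfile.TemporaryDirectory() as d:
        autoruns = {}
        for name, body in (("driver_a.sys", b"v1"), ("agent.exe", b"v1")):
            autoruns[name] = os.path.join(d, name)
            with open(autoruns[name], "wb") as f:
                f.write(body)
        baseline = snapshot(autoruns)
        with open(autoruns["driver_a.sys"], "ab") as f:
            f.write(b" plus appended bytes")  # in-place change, no new entry
        current = snapshot(autoruns)
        same_entries = all(baseline[n][0] == current[n][0] for n in autoruns)
        return same_entries, compare(baseline, current)

if __name__ == "__main__":
    print(demo())
```

Legitimate patches change hashes too, so the baseline has to be refreshed after trusted updates.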

However, these tactics have been used before by other virus writers, which makes it easier to find a solution to this network. The incorporation has already started.

 
