Tuesday, January 23, 2007

Storm Worm Attacks Computers Worldwide

There is a new worm out there spreading itself on computers around the world with a vengeance. It is called the "Storm Worm" and is named after the bad weather and storms that engulfed much of Europe late last week. It arrives as an e-mail with an attachment that purports to bring breaking news about the weather, in an attempt to get people to download an executable file. Other infected e-mails purport to carry news of a yet-unconfirmed missile test by China against one of its own weather satellites, or reports that Fidel Castro had died.

Each new wave of e-mails carries different versions of the Trojan horse, according to anti-virus vendor F-Secure. Each version can also update itself, in an attempt to stay ahead of anti-virus vendors.

"When they first came out, these files were pretty much undetectable by most anti-virus programs," said Mikko Hypponen, director of anti-virus research at F-Secure. "The bad guys are putting a lot of effort into it ... they were putting out updates hour after hour."

As most businesses tend to strip executable files out of e-mails they receive, Hypponen said he expected that companies would not be overly affected by the attacks. But hundreds of thousands of home users may be infected.
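The stripping of executable attachments mentioned above is the one control the post credits with keeping businesses out of trouble. The following is an added example (not code from the original post or from F-Secure) of the kind of check a mail gateway performs: it parses a few constructed messages built in the style described (a "breaking news" lure carrying an executable), and flags attachments that are executable either by file extension or by content, so that a renamed executable is still caught. All message contents, addresses and filenames are constructed samples, not real Storm Worm artifacts.

```python
"""Mail-gateway style check for executable attachments (added example)."""
import email
from email import policy
from email.message import EmailMessage

# Extensions a mail gateway would normally refuse to deliver to users.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}

# Windows PE executables start with the two-byte "MZ" DOS header.
PE_MAGIC = b"MZ"


def classify_attachment(filename, payload):
    """Return a reason string if the attachment looks executable, else None.

    The declared name is checked first (this also catches double
    extensions such as 'video.avi.exe'), then the content, so a PE file
    renamed to 'report.txt' is still reported.
    """
    name = (filename or "").lower()
    for ext in sorted(EXECUTABLE_EXTENSIONS):
        if name.endswith(ext):
            return f"executable extension {ext}"
    if payload[:2] == PE_MAGIC:
        return "PE header (MZ) in content despite non-executable name"
    return None


def scan_message(raw):
    """Scan one raw RFC 822 message; return a list of (filename, reason)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        filename = part.get_filename()
        payload = part.get_payload(decode=True) or b""
        reason = classify_attachment(filename, payload)
        if reason:
            findings.append((filename, reason))
    return findings


def build_sample_messages():
    """Constructed sample messages; none of these are real malware samples."""
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60  # constructed stand-in for a PE file
    samples = {}

    # 1. A news lure with an openly executable attachment.
    lure = EmailMessage()
    lure["Subject"] = "230 dead as storm batters Europe"
    lure["From"] = "news@example.invalid"
    lure["To"] = "user@example.invalid"
    lure.set_content("Full story attached.")
    lure.add_attachment(fake_pe, maintype="application",
                        subtype="octet-stream", filename="Full Story.exe")
    samples["news_lure"] = lure.as_bytes()

    # 2. The same content disguised behind a harmless-looking name and type.
    disguised = EmailMessage()
    disguised["Subject"] = "Weather report"
    disguised["From"] = "news@example.invalid"
    disguised["To"] = "user@example.invalid"
    disguised.set_content("See attached.")
    disguised.add_attachment(fake_pe, maintype="text", subtype="plain",
                             filename="weather_report.txt")
    samples["disguised"] = disguised.as_bytes()

    # 3. A legitimate-looking document that should pass.
    clean = EmailMessage()
    clean["Subject"] = "Forecast"
    clean["From"] = "weather@example.invalid"
    clean["To"] = "user@example.invalid"
    clean.set_content("Forecast attached.")
    clean.add_attachment(b"%PDF-1.4\n%constructed placeholder\n",
                         maintype="application", subtype="pdf",
                         filename="forecast.pdf")
    samples["clean"] = clean.as_bytes()
    return samples


def scan_all(samples=None):
    """Scan every sample; returns {label: findings}."""
    if samples is None:
        samples = build_sample_messages()
    return {label: scan_message(raw) for label, raw in samples.items()}


if __name__ == "__main__":
    for label, findings in scan_all().items():
        print(label, "->", findings or "no executable attachments")
```

The content check matters because an extension filter alone is defeated by renaming; checking the first bytes of each decoded attachment costs almost nothing and catches the renamed case as well as the obvious one.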

Once a user downloads the executable file, the code opens a back door through which the machine can be remotely controlled and, at the same time, installs a rootkit that hides the malicious program. The compromised machine becomes a zombie in a network called a botnet. Most botnets are currently controlled through a central server which, if found, can be taken down to destroy the botnet. However, this particular Trojan horse seeds a botnet that acts in a similar way to a peer-to-peer network, with no centralized control.

Each compromised machine connects to a subset of the entire botnet, around 30 to 35 other compromised machines, which act as hosts. While each infected host shares its list of other infected hosts, no one machine has a full list of the entire botnet, making it difficult to gauge the true extent of the zombie network.

Most security experts expect that more attacks are going to come over the next several days, and that the botnet will most likely be hired out for spamming or adware propagation, or be sold to extortionists to launch distributed denial-of-service attacks.

One security expert called this current malicious campaign "very aggressive," and said that the gang responsible was probably a new entrant to the scene, hoping to make its mark. No one seems to know where the attacks are originating. Be aware!!