Security

"Storm worm" malware may mutate into the largest botnet of all time


Last January, users were warned of malware spreading via e-mails that claimed to offer reports on killer storms in Europe. The Zhelatin gang, responsible for the Trojan, is applying every single trick in the book to build a swarm of spamming bots that may number as many as 10 million!

The article from Ars Technica reports:

The authors behind a specific strain of malware are trying every trick in the book to get users to succumb to their ill-meaning plans. You name it, they've used it: weather news, personal greetings, reports that Saddam Hussein is still alive, reports that Fidel Castro is dead, sexy women, YouTube, and even blogs. The group seems hellbent on creating the largest botnet to date, and they just might do it.

InternetNews reports that, unlike most botnets, the Trojan has no centralized hub and instead spreads via peer-to-peer technology using the eDonkey protocol. The latest in the spate of attacks are malicious links posted on blogs hosted at Blogger.com, as reported at Channel Register. Researchers note that this new vector may be an accidental advantage for the Trojan, since blogs allow users to submit posts by e-mail.

YouTube lures (PC Mag) are also used to get naive users to click on downloads or video links and infect their systems. PDF attachments and e-mails that embed plain IP addresses instead of domain names in their links are other variations the malware writers have adopted to circumvent spam filters.
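A defender-side check for the two evasions just named, raw IP addresses in place of domain names and PDF attachments, written as an added example; it is not code from the article or from the researchers it cites. The sample message is constructed, and the two heuristics and the "suspicious if either fires" rule are my assumptions, not any vendor's filter logic.

```python
"""Flag e-mail lures that link to a bare IP address or carry a PDF attachment."""
import email
import ipaddress
import re
from email import policy
from email.message import EmailMessage

# Captures the host[:port] part of http(s):// or www. links (stops at the path).
URL_RE = re.compile(r'(?:https?://|www\.)([^\s/<>"\']+)', re.IGNORECASE)


def ip_literal_hosts(text):
    """Return hosts of links in `text` that are IPv4 or bracketed IPv6 literals."""
    hits = []
    for m in URL_RE.finditer(text):
        host = m.group(1).split("@")[-1]            # drop any user@ prefix
        if host.startswith("["):                     # [v6]:port form
            host = host[1:].split("]")[0]
        else:                                        # v4 or hostname, maybe :port
            host = host.partition(":")[0]
        try:
            hits.append(str(ipaddress.ip_address(host)))
        except ValueError:
            continue                                 # a normal hostname
    return hits


def analyze(raw_message):
    """Parse an RFC 5322 message and report the two lure indicators."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    text = "".join(p.get_content() for p in msg.walk()
                   if p.get_content_maintype() == "text")
    pdfs = [p.get_filename() for p in msg.iter_attachments()
            if p.get_content_type() == "application/pdf"
            or (p.get_filename() or "").lower().endswith(".pdf")]
    ips = ip_literal_hosts(text)
    return {"ip_link_hosts": ips, "pdf_attachments": pdfs,
            "suspicious": bool(ips or pdfs)}       # assumed rule: either fires


def build_sample():
    """Constructed greeting-card lure; 192.0.2.0/24 is documentation space."""
    msg = EmailMessage()
    msg["From"] = "greetings@example.com"
    msg["Subject"] = "You've received a greeting card"
    msg.set_content("View your card here: http://192.0.2.10/card.exe\n")
    msg.add_attachment(b"%PDF-1.4 constructed", maintype="application",
                       subtype="pdf", filename="report.pdf")
    return msg.as_string()


if __name__ == "__main__":
    print(analyze(build_sample()))
```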

While estimates of the botnet's size vary from a few to 10 million systems, researchers fear the repercussions of such a force being deployed for DDoS or similar attacks. As always, personal caution is the best remedy: users need to be increasingly wary of following links in e-mail.


5 comments
reviewsgirl

My friends were recently infected with data recovery virus and I had to try just about every AV program under the sun to remove it and believe it or not MBAM did not work.

Sonja Thompson

How does your organization defend itself against malware mutations?

tundraroamer

Anything asking to come into our networks must provide valid credit card information so we can charge back any misdeeds caused by the sender. That stops all of it for us. I wonder if discussing how you protect yourself is really helpful? After all, the black hats infiltrate all the security sites and forums to learn how they are being blocked by that product. Then they can fix it. Are we our own worst enemy by providing the information on what we do to defend ourselves?

asgr86

Never discuss how your network is protected!!!!

clendanielc

We use a multitude of things. On the corporate level we use a Linux-based firewall. Then after that it has to go through a software firewall, Linux again, that weeds out any viruses or spyware. Then for e-mail it hits our Windows-based greylist software, which now blocks 85% of our spyware. Then when it gets to our local client level we use the typical Windows Firewall and Outlook Junk E-mail folder. It used to be about 3 or 4 spyware attacks a month from spam; now it's none to one every month.