Adware - Spyware : 1.7 million zombies made by Storm worm. The e-greetings worm.
Posted by Max on 2007/8/9 2:01:11 (932 reads)

The botnet built by Storm worm has increased dramatically to include 1.7 million zombies (infected computers) according to security services provider SecureWorks, who state that although the network has so far been primarily used to send spam, it could also be used for DDoS attacks on businesses or even countries.

According to security researcher Joe Stewart, between January and May of this year SecureWorks saw over 71,000 attacks involving the Storm worm. Since June, however, the company has prevented more than 20,000,000 attacks.

There has also been a dramatic increase in the number of infected computers from which e-mail attacks were sent. Whereas from the start of the year to the end of May just under 3000 computers were infected, in June and July, the number of drones increased to 1.7 million. SecureWorks speculates that the botnet operator has built such a large network in order to be able to hire it out to other hackers or perform attacks.

McAfee attributes the enormous increase in the number of infected computers to social engineering tactics used by malware authors, who, for instance, have sent out apparent greeting card e-mails with infected attachments or links to websites carrying the malware. Antivirus software vendors are working on the assumption that the Storm worm botnet is behind recent spam e-mail carrying a RAR archive containing a text file as an attachment.

According to McAfee, current versions of the malware use unusual tactics to gain a foothold within systems. Rather than simply implanting themselves in the registry using startup entries, the current versions infect the tcpip.sys file and append code for loading the malware to the driver. McAfee talks of an increasing trend of malware using this kind of file infection mechanism to get loaded after a reboot.

To protect against the worm, SecureWorks recommends exercising caution with e-mails claiming to contain greeting cards or warnings of impending catastrophes, whether as attachments or as links. Users should also block peer-to-peer traffic, as the Storm worm connects to other botnet drones using the eDonkey protocol.

SecureWorks does not, however, provide any instructions on how this can be done. The eDonkey protocol is not limited to specific network ports. Additional tips on dealing with e-mails safely and on protection from malware infection can be found on heise Security's anti-virus web pages.
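Because the eDonkey protocol is not tied to specific ports, detection has to key on message framing rather than port numbers. The sketch below is an added example, not code from the article, SecureWorks or McAfee; it assumes the publicly documented eDonkey TCP header (marker byte 0xE3 or 0xC5, 4-byte little-endian length, opcode), and the hosts, ports and payloads are constructed sample data.

```python
import struct
from collections import defaultdict

# Assumption (public protocol descriptions, not the article): each eDonkey TCP
# message is marker byte + 4-byte LE length (opcode + body) + 1-byte opcode.
ED2K_MARKERS = {0xE3, 0xC5}   # 0xE3 eDonkey, 0xC5 eMule extension
MAX_MSG = 2_000_000           # hypothetical sanity cap on one message


def looks_like_edonkey(payload: bytes) -> bool:
    """Walk the message headers in one TCP payload; all must be well formed."""
    off = seen = 0
    while off + 6 <= len(payload):
        if payload[off] not in ED2K_MARKERS:
            return False
        (length,) = struct.unpack_from("<I", payload, off + 1)
        if not 1 <= length <= MAX_MSG:
            return False
        seen += 1
        off += 5 + length      # may run past the end: message continues
    return seen > 0


def flag_hosts(flows, min_ports=2):
    """Return {src: sorted ports} for hosts speaking eDonkey on >= min_ports ports."""
    ports = defaultdict(set)
    for src, dst_port, payload in flows:
        if looks_like_edonkey(payload):
            ports[src].add(dst_port)
    return {h: sorted(p) for h, p in ports.items() if len(p) >= min_ports}


def ed2k_msg(opcode: int, body: bytes = b"") -> bytes:
    """Build a constructed sample message with the assumed header layout."""
    return bytes([0xE3]) + struct.pack("<I", len(body) + 1) + bytes([opcode]) + body


# Constructed sample flows: (source host, destination port, first payload).
SAMPLE_FLOWS = [
    ("10.0.0.5", 4662, ed2k_msg(0x01, b"\x10" + b"A" * 16)),
    ("10.0.0.5", 80, ed2k_msg(0x01) + ed2k_msg(0x4C, b"x" * 8)),
    ("10.0.0.5", 31337, ed2k_msg(0x01, b"B" * 40)[:20]),   # truncated segment
    ("10.0.0.9", 80, b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n"),
    ("10.0.0.7", 80, b"\xe3\xff\xff\xff\xff\x01junk"),      # marker, bogus length
    ("10.0.0.8", 4662, ed2k_msg(0x01)),                      # single port only
]

if __name__ == "__main__":
    print(flag_hosts(SAMPLE_FLOWS))
```

A header match on a single flow is weak evidence; requiring several destination ports per host cuts false positives from binary traffic that happens to begin with 0xE3.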



