Bingalau 10:24 14 Feb 2007

Just got this from the American site "World Start"

February Security Advisory

The Storm Worm is back and this time, it’s an all out war. A couple of weeks back, I wrote an article describing some new Trojans that carried a subject line regarding a huge storm battering the shores of Europe. The Worm was unique in a few ways that made it extremely difficult, if not impossible, to track down or shut down.

The new Storm Worm or Peacomm, as it is called, is a different animal, as far as the avenue of attack. But, other than that, it's business as usual. Instead of catchy, hard to ignore e-mails, the new attack takes advantage of some of the more popular instant messengers out there. Google Talk, AIM and the Yahoo! Messenger are being targeted, in particular. This evolution of the Storm Worm is very subtle in its attempts to capture unsuspecting systems. Now, it doesn’t broadcast its content via spam, but instead, it injects a message along with a URL into another already open chat window. It inserts something like a message with a smileycon and a URL. This could then intrigue and ensnare any curious individual or someone who may be engaged in a text message and might not think twice about interacting with it.

As with its predecessor, the thing that really makes this virus stand out is the way in which it handles its prey. An infected machine will become a zombie in a botnet where the successful attacker can then do what they want with your machine. The botnet is built using the P2P technology, which has no central server. It’s like the PCs that are infected are part of the botnet and they all act collectively as one. If one unit is taken out, the network simply cuts its losses and carries on with the mission. This lack of static central control also creates huge obstacles for forces attempting to stop these types of attacks.

If you are someone who likes to use their instant messenger, then I would take some extra precautions until this threat is under control. For instance, most antivirus solutions today have settings that pertain directly to instant messengers. Familiarize yourself with this component and how it works. I would also highly suggest not linking out to any URLs that come from your instant messenger, especially if they seem to come out of nowhere. If you do need/want to open a link from your instant messenger, make sure the other person you're talking to did actually send the attachment.


  p;3 14:25 14 Feb 2007

sounds just like a guest I might give house room to.......NOT::))
oddly enough I can recall a conversation at work about this critter today

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

Honor 9 Lite review

How Social Media has Propelled Political Graphic Design and Art in the Last Decade

The best kids apps for iPhone & iPad 2018

HomePod d’Apple : date de sortie, prix et fiche technique