
Storm-Worm Adds millions of computers to botnet.

This topic is archived.
EV_Ares Donating Member (1000+ posts) Mon Sep-03-07 10:22 PM
Original message
Storm-Worm Adds millions of computers to botnet.
The authors behind a specific strain of malware are trying every trick in the book to get users to succumb to their ill-meaning plans. You name it, they've used it: weather news, personal greetings, reports that Saddam Hussein is still alive, reports that Fidel Castro is dead, sexy women, YouTube, and even blogs. The group seems hellbent on creating the largest botnet to date, and they just might do it. The "Zhelatin gang"—named after the trojan it installed—was responsible for what started out as the "storm worm." First spotted earlier this year, the spread of the "storm worm" started via e-mails purporting to provide information on some dangerous storms in Europe at the close of January. Users who fell for it were directed to a web site containing malicious code aimed at turning Windows PCs into spam bots. It was a success, if you can call it that; Symantec security response director Dave Cole told InformationWeek in late January that the worm had accounted for 8 percent of global virus infections after a single weekend rampage.

Over time, e-mails containing links to the "storm worm" took on many forms, from supposed missile strikes to reports of genocide. Then last month security firm F-Secure noted that the Zhelatin team had switched gears and was focusing on greeting-card spam. The e-mails originally directed users to a web site that prompted the download of ecard.exe, but eventually morphed slightly so that the link pointed to a site that claimed the user needed to install "Microsoft Data Access" in order to view the card. Naturally, this download installed a trojan on the user's computer for the purposes of relaying spam.

And that's when the changes began to speed up. Zhelatin changed its game mid-week to suggestive e-mails from lonely females, which prompted end users to click a link to see what they could do if they "get lonely." Days later, however, security firm Sophos noted that the e-mails had changed once again, this time to spam claiming to contain a link to an awesome new video on YouTube. Same tactic, same virus.

The "Blogging" worm
But if promises of Kelly Clarkson's latest music video in e-mail weren't enough, the worm has now switched its focus to blogs. Unlike the typical "comment spam" that many of us have grown used to on our personal blogs, the worm is actually getting into people's Blogspot accounts and creating new blog posts with links to the trojan. Security software firm Sunbelt Software speculates that the posts are being made through Blogspot's mail-to feature, where users can e-mail their blog entries to specific addresses in order to have them posted to their blogs. This theory seems to make the most sense, as the worm would just need to comb the user's local contact list and send itself out to everyone on the list, including Blogspot. Heise Security notes that not all of the links work: "they appear to be referencing dynamically assigned IP addresses of infected computers and these computers are at the time either offline or have already been assigned a different IP address."

We may never know whether the Zhelatin gang even meant for the worm to spread to blogs, but the group is probably happy that it did. Heise estimates that, as of early August, 1.7 million computers were infected worldwide as part of a massive botnet, and that number has surely escalated since then. Heise warns that this size could prove a very dangerous threat: "[A]lthough the network has so far been primarily used to send spam, it could also be used for DDoS attacks on businesses or even countries." Just how many computers are part of the botnet is anyone's guess, but estimates from some security firms are reaching as high as 10 million. Just last June the FBI warned that it had discovered more than a million PCs in a botnet. This looks to be just the tip of the iceberg.

Link:
http://arstechnica.com/news.ars/post/20070902-storm-worm-adds-millions-of-computers-to-botnet.html

MannyGoldstein Donating Member (1000+ posts) Mon Sep-03-07 10:32 PM
Response to Original message
1. Keep away enhancement capsules.
Edited on Mon Sep-03-07 10:33 PM by MannyGoldstein
Do you need any medicines?
Our Online Pharmacy is designed for your needs. We offer variouse medicines for very low price with fast and anonymouse delivery.

Viagra ..... High Quality
Cialis ..... Very Low Price
Valium ..... Cheap
Ambien ..... Cheap
Soma ..... Cheap
Xanax ..... Cheap

We offer 4 FREE Viagra pills for every order
 
Hekate Donating Member (1000+ posts) Tue Sep-04-07 12:06 AM
Response to Original message
2. I'm not sure what botnet is, but I seem to have received just about all of those spam variants
Thank gods for an excellent spam filter available through my provider. In addition to which I NEVER open greeting cards from people I don't know, and I NEVER install anything suggested by an email!

It's really sad there's so many crooks and thieves out there.

Hekate

 
EV_Ares Donating Member (1000+ posts) Tue Sep-04-07 07:04 AM
Response to Reply #2
3. Hi Hekate, bot-nets are the programs the spammers send and if you
really do click on a link in an email or other means that bot-net is the one that takes over your computer silently and you may not know it. Sounds like you are doing a good job of preventing yourself from getting one. I know I try to stay vigilant because I don't want to infect a friend's computer or anyone else. I use the Norton Internet Security and Norton anti-bot programs and I run two different anti-spy programs as one usually will not catch everything. It is a shame that you have people out there that will do this sort of thing but that is the world we live in, isn't it? Have a good day.
 
Quantess Donating Member (1000+ posts) Tue Sep-04-07 07:10 AM
Response to Reply #2
4. Crooks and thieves, and, people who think it's a fun game.
There are some who take pride in creating a virus, because they can.
 
Feron Donating Member (1000+ posts) Tue Sep-04-07 07:49 AM
Response to Reply #2
6. Botnets are the infected computers that a remote user has control over.
Typically the botnet owner will use IRC to control the 'zombies' or infected computers in his/her botnet. These zombified computers or botnets are used to bring down websites amongst other things.

It also isn't uncommon for malware to include keylogging software.

A bot is simply a program that performs repetitive tasks.

Anyhow if you haven't disabled the preview pane in your e-mail client, I would suggest you do so. Other than that, it sounds like you have everything under control. :)
 
Hekate Donating Member (1000+ posts) Tue Sep-04-07 02:11 PM
Response to Reply #6
7. The first email opens automatically, which has always bothered me a lot. Mr H keeps saying my Mac...
...is okay because it's a Mac, plus our son installed firewalls while he was here -- but a couple of years ago it was terribly disconcerting to receive spam after spam that tried mightily if unsuccessfully to download something awful (I could tell because of all the numbers scrolling at the bottom of my screen). Our provider has given us Postini for a filter and it catches literally dozens -- sometimes hundreds -- a week.

Yahoo really doesn't seem to care that deeply if spammers are fraudulently using their name. I tried to alert them about the dozens of seemingly hard-core porn offers I was getting (very explicit subject lines about mothers and sons, fathers and daughters, etc.) but their response was to tell me I had to provide ALL the tracking information. I put both Mr. H and our local provider on the case, but Yahoo kept informing me that there wasn't enough info and it was my fault for not giving it to them. Out of frustration I started forwarding this dreck to them directly until they put me on ignore.

Shortly after that I got Postini and my troubles were over. Now I visit my Postini account once a week and delete everything for which I can't identify the sender. If in doubt I can open the text and scan it, which is how I determined that the first "E-card from old school friend" was spam without endangering myself. Since then I've received and deleted untold numbers of them.

Ah well, every good archetype has a profound shadow to it.

Hekate

 
sendero Donating Member (1000+ posts) Tue Sep-04-07 07:14 AM
Response to Original message
5. Do not open attachments...
... do not click on links you received from an email unless it is from a friend and only then if you believe the friend actually sent the link.

If your curiosity is overwhelming, take some keywords from the spam and use Google to find the REAL site and go there. If you cannot find it using Google, it is not legit.

I've never had a serious virus infection, I have had some adware crap. They are pretty easy to avoid, just don't believe anything you get in an email.