February 27, 2007 11:51 AM PST

Storm worm variant targets blogs, bulletin boards

A variant of the Trojan horse attacks known as Storm worm emerged Monday, targeting people who post blogs and notices to bulletin boards.

Storm worm emerged in January and raged across the globe in the form of e-mails with attachments that, when opened, loaded malicious software onto victims' PCs, commandeering the machines so they could be used for further attacks.

The new Storm worm variant attacks the machines of unsuspecting users when they open an e-mail attachment, click on a malicious e-mail link or visit a malicious site, said Dmitri Alperovitch, principal research scientist at Secure Computing.

But the twist comes when these people later post blogs or bulletin board notices. The software will insert into each of their postings a link to a malicious Web site, said Alperovitch, who rates the threat as "high."

"We haven't seen the Web channel used before," he said. "In the past, we've seen malicious links distributed to people in a user's address book and made to look like it's an instant message coming from them."

The danger in this most recent case, he added, is that the user is actually posting a legitimate blog or bulletin board notice, unaware that a malicious link has been slipped into the text of the posting.

See more CNET content tagged:
bulletin board, blog, variant, trojan horse, link


Join the conversation!
Add your comment
Malicios software
The criminal minds behind trojans and other melicios software are only half of the problem. Without the thousands of idiots throughout the world who even after so many worlwide virus scares still blindly click on every email attachment arriving on their computer we would'nt have the problem. Even my nine year old daughter knows you don't open attachments from unvarified sources. If everbody would do the same we'd have no spam either seeing that many trojans specialise in collecting email addresses stored on nearly everones hard disk.
Posted by WriteRight (42 comments )
Reply Link Flag
I am with you...
Posted by fabricom (2 comments )
Link Flag
I am with you...
Posted by fabricom (2 comments )
Link Flag
The problem isn't the youth anymore. The problem seems to be the older generation who once said they would never be caught dead on a computer who now are enjoying emails from across seas with loved ones and chatting on messenger with their coworkers. They don't know net security like youth do and so now the problem has taken a different turn. I have insisted that my mother stop forwarding all that spam email and stop going to unknown ecard sites but she says (and I quote) but they are so pretty!" and she doesn't stop going to them or forwarding junk. It has gotten to the point where I hardly ever click on anything she sends me and already told her I would ONLY click on emails from her that are titled what it is about and only from her main email address (no ecards from random sites saying they are from her).

The sad thing is people won't become more aware unless they WANT to become more aware. Even if their computer get infected .. get this .. my brother said "heck everyone's computers are infected anymore so why should I bother to keep mine virus free!" .. WOW! I didn't know people think like that!
Posted by angieskidney (1 comment )
Link Flag
"We haven't seen the Web channel used before," he said.
>>>"We haven't seen the Web channel used before," he said.<<<

Maybe he hasn't seen it but the Nimda 2001 break out was caused by similar spreading means. It would modify web pages. And then there was Gator and HotBar which often modified any kind of HTML page which you might post to a blog, a forum and/or a web site.

So as for this being the first... (* CHUCKLE *) Maybe for him.

Opening attachments from unknown people and/or unknown sites is problem #1. If that problem didn't exist... worms like this would NOT proliferate!!!

Posted by wbenton (522 comments )
Reply Link Flag

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot



RSS Feeds

Add headlines from CNET News to your homepage or feedreader.