If you want information about the earthquake in China, get it from a news site and not from a link to a video that arrives in your e-mail inbox.
That's the message from the US-CERT (Computer Emergency Readiness Team) on Thursday.
The group has received reports of a new variant of the Storm worm that targets people interested in the May 12 earthquake that killed nearly 70,000 people and left 5 million homeless. Some of the e-mails also have subject lines that deal with the Olympic Games that China is hosting.
In the e-mail is a link that sends a recipient to a malicious Web site, US-CERT says. Opening the purported video link on the site runs executable code that infects the computer with malicious code that can be used to turn the machine into a zombie on a spam botnet.
Previous versions have used April Fools' Day and Valentine's Day themes, and have masqueraded as a fix for another worm, to lure victims to sites.
As always, computer owners and administrators are urged to install and update antivirus software and to not follow unsolicited Web links received in e-mail messages.
A number of phishing sites have cropped up within the last day using domains previously attributed to the Storm worm botnet. Last fall, Storm was used in a series of pump-and-dump stock spam blasts, including a unique MP3-based spam blast, but researchers at F-Secure don't think the original authors of Storm are necessarily trying something new. F-Secure said Tuesday that "October brought evidence of Storm variations using unique security keys. The unique keys...allow the botnet to be segmented allowing 'space for rent.'" They think phishers are leasing parts of the larger botnet.
F-Secure cites a Halifax bank as one of the phishing targets, while Trend Micro identifies the Royal Bank of Scotland as another. What connects these sites are the server domains hosting the pages. Trend Micro said Tuesday it detected the hosts "while watching domain activity normally associated with suspected RBN (Russian Business Network)-associated activities."
The original Storm worm code, so named because it coincided with a severe winter storm in Europe, will celebrate its first anniversary next week, on or around January 19.
What good are several million Storm worm-infected PCs? According to one researcher, the current computing power of Storm worm's botnet is greater than IBM's Blue Gene supercomputer. "If you calculate pure theoretical throughput," said Matt Sergeant, chief antispam technologist with security vendor MessageLabs, "then I'm sure the botnet has more capacity than IBM's Blue Gene. If you sat them down to play chess, the botnet would win."
The Australian publication IT News also quotes Sergeant as saying, "In terms of power, the botnet utterly blows the supercomputers away." He goes on to say that just 2 million of the suspected 50 million Storm worm-infected machines are equivalent to the computing power of the top 500 supercomputers.
In the last few months, antivirus vendors have reported an increase in Storm worm infections. Infected computers are often used to relay spam. They can also be used to attack Web sites in what's called a denial-of-service attack.
More alarming is the amount of control the Storm worm bot-herders apparently have over their creation. "We've seen spikes where the owner is experimenting with something and those spikes are usually five to 10 times what we normally see," Sergeant told IT News. "That means they can turn on the taps whenever they want to."
MessageLabs has more on the Storm worm in its monthly report on spam.