55K New Malicious Sites Blocked Last Month

MessageLabs: Latest StormWorm developments through worldwide botnet of 1.8M computers

Dark Reading Staff, Dark Reading

September 5, 2007

2 Min Read
Dark Reading logo in a gray background | Dark Reading

NEW YORK and LONDON -- MessageLabs, the leading provider of messaging security and management services to businesses, today announced the results of its August MessageLabs Intelligence Report. The new data reveals the latest StormWorm developments involving virtual postcards and YouTube video requests to distribute the Trojan code, and the increase in new malicious website appearing every day.

In recent weeks MessageLabs has observed a large increase in emails containing links to virtual postcards and YouTube video invites, including a significant outburst on August 15th which comprised of 600,000 emails distributed in 24 hours. This is the latest developments from the StormWorm botnet, now estimated to comprise of 1.8 million computers worldwide.

Although the body text and subject line keep changing, the emails always consist of simple text or HTML including a single link to an IP address. That IP address refers to another infected machine within the botnet which subsequently redirects to a back-end server in an attempt to infect the victim with a copy of the StormWorm Trojan code. The back-end server automatically re-encodes the malware every thirty minutes to make signaturing difficult for traditional anti-virus vendors.

Similar to the techniques adopted by other botnets like Warevoz, the location of the command and control servers used to manipulate the botnet are safeguarded behind a rapidly changing DNS technique known as ‘fast-flux’, a similar method to the bullet-proof hosting schemes than spammers have often used in the past, making it difficult to locate and take down hosting sites and mail servers.

“The StormWorm trojan continues to be an the forefront of the threat landscape through its tactic of reinventing itself in different disguises” said Mark Sunner, Chief Security Analyst.

With such a commanding botnet now in force and no signs of it waning, vigilance needs to be increased and enforced on all unknown and also known web links and attachments.”

MessageLabs Ltd.

Read more about:

2007

About the Author

Dark Reading Staff

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

See more from Dark Reading Staff
Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.
Subscribe

You May Also Like

More Insights
Webinars
More Webinars
Events
More Events

Editor's Choice

Pegasus Spyware concept with binary code background
Endpoint Security
WhatsApp: NSO Group Operates Pegasus Spyware for CustomersWhatsApp: NSO Group Operates Pegasus Spyware for Customers
byJai Vijayan, Contributing Writer
Nov 18, 2024
4 Min Read
Laptop with Palo Alto networks logo
Cyberattacks & Data Breaches
Palo Alto Networks Patches Critical Zero-Day Firewall BugPalo Alto Networks Patches Critical Zero-Day Firewall Bug
byBecky Bracken, Senior Editor, Dark Reading
Nov 18, 2024
3 Min Read
ChatGPT, typed out on a screen
Сloud Security
ChatGPT Exposes Its Instructions, Knowledge & OS FilesChatGPT Exposes Its Instructions, Knowledge & OS Files
byNate Nelson, Contributing Writer
Nov 15, 2024
4 Min Read
Reports
More Reports
Webinars
More Webinars
White Papers
More Whitepapers
Events
More Events