WARNING: THE STORM STILL RAGES ON


Security vendor Symantec has warned that the Storm worm, the malware which contributes to the Storm botnet, is continuing to develop and now has two further possible avenues of attack.

A number of new Storm hosting domains using fast-flux techniques to hide their URLs have been identified by the security company, which issued a warning this week. Fast-flux service networks are networks of compromised computer systems with public DNS records that are constantly changing, making it more difficult to track and curb criminal activities.

The security vendor claimed that these domains so far do not directly attempt to upload attack code. However, modifying the address runs a script which attempts to exploit vulnerabilities in various applications, including AOL, Microsoft Internet Explorer, MySpace and RealNetworks RealPlayer.

The two possible avenues of attack are email with links to the as-yet-unlinked-to fast-flux sites, or injecting malicious iFrame tags into legitimate websites, which would download malware onto users’ machines, warned Symantec. However, no such email has been reported, the security vendor claimed.

Symantec threat researcher Vikram Thakur said in a blog post: "What’s interesting about this is that we have yet to come across any email that may result in people visiting these domains. This is very unusual. It is also interesting to note the move from only using social-engineering techniques to distribute malware to actually exploiting vulnerabilities. In the past, the Storm worm authors would directly link to malware on websites or within spam emails. The malware wouldn’t check for any particular vulnerability before planting its seed."

Thakur noted that third-party applications rather than operating-system vulnerabilities were being targeted but that "only time will allow the method employed in this wave of attacks to be confirmed".

Some security vendors have reported that the impact of Storm is waning. Storm researcher Jon Stewart, director of malware research for security vendor SecureWorks, wrote on 8 April that the Storm botnet was "only a shadow of its former self and is quickly becoming a secondary player". However, Stewart noted that the botnet was still capable of sending more than three billion spams per day.

The Storm worm botnet, a network of compromised computers, has been estimated to control between one million and five million machines, which one researcher said makes it more powerful than IBM’s Blue Gene/L supercomputer. The original Storm worm code, which appeared on 19 January 2007, derived its name from the fact the first email linking to the malware coincided with a severe winter storm in Europe.
