Help - Search - Members - Calendar
Full Version: "storm Trojans" A Danger At All Sites?
BleepingComputer.com > Security > Breaking Virus & Security News
   
MaraM
Mar 3 2007, 02:20 PM
When I received the weekly 'Kim Komando' newsletter, it had an article about 'Storn Trojans' ...

(Quote) THERE’S A NEW VARIANT OF THE STORM WORM, AND IT’S BAD
In January, the Storm Worm Trojan horse affected hundreds of thousands of computers. It was the worst outbreak since 2005. It arrived attached to an e-mail about European storms.

Now, a variation is targeting people who post online. It attaches a malicious link to blog posts and messages left on bulletin boards.
Since the link is attached to a legitimate post, many people may click it. People who do so are taken to a malicious Web site. Next thing they know, something terrible has been downloaded to their computers. Researchers say they have never seen this method of attack.
Up-to-date security software will protect you. You need a current antivirus program and at least two anti-spyware programs. Also, be sure Windows is updated.
Kim Komando" (Unquote)

Surely this doesn't apply to our messages and links we post here on Threads within Bleeping?

Wonder if someone would be kind enough to clarify - thanks so much!
boopme
Mar 3 2007, 09:38 PM
Tho I'm not the expert on this and perhaps one will advise better. I think we are OK here as 1. It appears to have been targetting the IM group of poster more and anti spam sites. 2. Having read the articles posted by quietman7 and harrwaldon for a while now I feel a bit confident that BC has been aware and taken countermeasures for the sites security.
Some articles here
http://www.bleepingcomputer.com/forums/ind...2Bstorm+trojans
MaraM
Mar 3 2007, 10:19 PM
Thanks boopme - I was pretty sure we were safe here but thought I'd better double-check.
Papakid
Mar 4 2007, 12:07 AM
Just to be on the safe side, don't click on any links in posts that seem to be unrelated to the rest of the post, i.e., are out of context. The Kim Komando article and one at news.com are a little short on details of how this is supposed to work, but I've found another and I'm not sure if we have countermeasures in place yet but will have Grinler take a look.

http://www.itnews.com.au/newsstory.aspx?CIaNID=46608
QUOTE
Alperovitch explains that there is a new component in the variant that enables it to analyze network traffic on the infected computer and dynamically insert a link to the malicious site into text -- whether it's a blog post, a bulletin board entry or an e-mail sent through a webmail system. The users' text will contain their own content, along with the link and a note that lures readers to check out a website with "fun" videos or e-card.

Users who go to the malicious site have their own machines infected with this updated version of the worm, which some security vendors are referring to as a Trojan horse.

So if someone is posting about something fairly serious and then all of a sudden links to a "fun video", be very suspicious. I don't want to be alarmist, but don't underestimate new social engineering either. The moderating team will do what we can to keep any malicious links off the site, but you all should still use caution and remember that these malware writers are taking away a lot of the fun stuff on the web.
MaraM
Mar 4 2007, 12:20 PM
Thanks Papakid for explaining it further - knowing what to look for and what to avoid is very helpful and I really do appreciate your assistance.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2008 Invision Power Services, Inc.