Storm Worm Strikes Back


3 replies to this topic

#1 quietman7


Posted 26 October 2007 - 08:07 AM

The Storm worm is fighting back against security researchers that seek to destroy it...The worm can figure out which users are trying to probe its command-and-control servers, and it retaliates by launching DDoS attacks against them, shutting down their Internet access for days...A recently discovered capability of Storm is its ability to interrupt applications as they boot up and either shut them down or allow them to appear to boot, but disable them...

networkworld.com
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



#2 rowal5555


Posted 29 October 2007 - 08:34 PM

It would appear that STORM is quietly mutating and infecting millions of PCs while gathering itself for a massive attack against the Internet. Because it is doing very little at the moment, it is not receiving the media attention that flashier attacks do.

My question is, will my present armour protect me, or are special measures required?

IMHO, those responsible should be hunted down the same as any other terrorist.

This one really worries me and I would appreciate any opinions.

Cheers

rowal5555 (Rob)



 


#3 harrywaldron


Posted 30 October 2007 - 03:43 PM

^ Hi Rob - Excellent questions ... Yes, most likely you'll stay protected if you do the following:

- Stay up-to-date with AV protection (most update daily and even autoupdate for you behind the scenes in some cases)

- Most importantly, being careful is your #1 ally in the security defense process. I had read where most "mass spam" attacks only have about 30% coverage on day one (although some may heuristically find SW variants). As long as you avoid URLs and attachments in suspicious emails designed to trick folks, you're going to stay clean. Still, the 1st e-card SW variant I got some months ago almost tricked me, as I got a copy before anyone posted info or alerts (still, the numeric IP address was a telltale sign to avoid this completely).

- Try running weekly scans periodically ... Most times you won't find something. One trick the SW authors are using is to make the AV protection seem like it's working when it's not behind the scenes. Running scans, updating, etc., all help ensure your AV environment is operational

- Spam filtering helps separate legitimate email versus spoofed email attacks. Almost all the copies I have received (and there have been bunches) were thrown in the SPAM or BULK folders

- Keep your PC up-to-date on all Windows and other product patches. Some SW attacks have used exploits to automatically install malware code silently on an infected PC without the user knowing

- Monitoring new developments will help. Certainly watching the forums here, blogs, and other security sites will help keep you informed on all major attacks.

While there's nothing magic about SW, it is a well-done attack by probably the most advanced malware gang in the world. Staying cautious can save you from hours of hard work to get back to where you were before you clicked -- and unfortunately sometimes you might even lose something permanently as a result of not being careful.

Regards, Harry
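
The numeric-IP tell mentioned in the post above can be checked mechanically. The following is an added example, not part of the original post: it flags links in a message body whose host is an IP literal rather than a name, and goes beyond the dotted form to the single-integer and hex spellings that many URL handlers also accept. The sample message and the function names are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>)]+", re.IGNORECASE)

def _parse_part(part):
    """Approximate inet_aton: 0x prefix is hex, leading 0 is octal, else decimal."""
    if re.fullmatch(r"0[xX][0-9a-fA-F]+", part):
        return int(part, 16)
    if re.fullmatch(r"0[0-7]+", part):
        return int(part, 8)
    if re.fullmatch(r"[0-9]+", part):
        return int(part, 10)
    return None

def host_as_ip(host):
    """Return the canonical IP string if host is an IP literal, else None."""
    if not host:
        return None
    if ":" in host:  # only IPv6 literals contain a colon once the port is stripped
        try:
            return str(ipaddress.IPv6Address(host))
        except ValueError:
            return None
    nums = [_parse_part(p) for p in host.split(".")]
    if not 1 <= len(nums) <= 4 or any(n is None for n in nums):
        return None
    # Leading parts are single bytes; the last part fills the remaining bytes.
    *lead, last = nums
    if any(n > 255 for n in lead) or last >= 256 ** (4 - len(lead)):
        return None
    value = last + sum(n << (8 * (3 - i)) for i, n in enumerate(lead))
    return str(ipaddress.IPv4Address(value))

def numeric_ip_links(body):
    """Return (url, canonical_ip) for every http(s) link whose host is an IP literal."""
    hits = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname
        except ValueError:
            continue
        ip = host_as_ip(host)
        if ip:
            hits.append((url, ip))
    return hits

# Constructed sample message; 192.0.2.10 is a documentation-only address.
SAMPLE = (
    "A friend has sent you an e-card! Pick it up at http://192.0.2.10/ \n"
    "Mirror: http://3221225994/card\n"
    "Unsubscribe: http://www.example.com/unsubscribe\n"
)
```
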

#4 harrywaldron


Posted 30 October 2007 - 03:46 PM

Also wanted to follow up on QM's original post above ... McAfee (AVERT Labs) has actually discovered a way to bypass the DDoS attacks and some of the other aspects preventing research. If only we could get the bad guys :thumbsup:

http://www.avertlabs.com/research/blog/ind...ar-not-so-much/



