Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"storm Trojans" A Danger At All Sites?


  • Please log in to reply
4 replies to this topic

#1 MaraM

MaraM

  • Members
  • 1,717 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:British Columbia, Canada
  • Local time:11:16 PM

Posted 03 March 2007 - 02:20 PM

When I received the weekly 'Kim Komando' newsletter, it had an article about 'Storn Trojans' ...

(Quote) THEREíS A NEW VARIANT OF THE STORM WORM, AND ITíS BAD
In January, the Storm Worm Trojan horse affected hundreds of thousands of computers. It was the worst outbreak since 2005. It arrived attached to an e-mail about European storms.

Now, a variation is targeting people who post online. It attaches a malicious link to blog posts and messages left on bulletin boards.
Since the link is attached to a legitimate post, many people may click it. People who do so are taken to a malicious Web site. Next thing they know, something terrible has been downloaded to their computers. Researchers say they have never seen this method of attack.
Up-to-date security software will protect you. You need a current antivirus program and at least two anti-spyware programs. Also, be sure Windows is updated.
Kim Komando" (Unquote)

Surely this doesn't apply to our messages and links we post here on Threads within Bleeping?

Wonder if someone would be kind enough to clarify - thanks so much!
Never let your computer realize you are in a hurry or just typing the last few words of a vital document.

While outer events might make one happy or sad, happiness itself is entirely internal, and at all times completely within one's power.

BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,573 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:01:16 AM

Posted 03 March 2007 - 09:38 PM

Tho I'm not the expert on this and perhaps one will advise better. I think we are OK here as 1. It appears to have been targetting the IM group of poster more and anti spam sites. 2. Having read the articles posted by quietman7 and harrwaldon for a while now I feel a bit confident that BC has been aware and taken countermeasures for the sites security.
Some articles here
http://www.bleepingcomputer.com/forums/ind...2Bstorm+trojans

Edited by boopme, 03 March 2007 - 09:39 PM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 MaraM

MaraM
  • Topic Starter

  • Members
  • 1,717 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:British Columbia, Canada
  • Local time:11:16 PM

Posted 03 March 2007 - 10:19 PM

Thanks boopme - I was pretty sure we were safe here but thought I'd better double-check.
Never let your computer realize you are in a hurry or just typing the last few words of a vital document.

While outer events might make one happy or sad, happiness itself is entirely internal, and at all times completely within one's power.

#4 Papakid

Papakid

    Guru at being a Newbie


  • Malware Response Team
  • 6,664 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:16 AM

Posted 04 March 2007 - 12:07 AM

Just to be on the safe side, don't click on any links in posts that seem to be unrelated to the rest of the post, i.e., are out of context. The Kim Komando article and one at news.com are a little short on details of how this is supposed to work, but I've found another and I'm not sure if we have countermeasures in place yet but will have Grinler take a look.

http://www.itnews.com.au/newsstory.aspx?CIaNID=46608

Alperovitch explains that there is a new component in the variant that enables it to analyze network traffic on the infected computer and dynamically insert a link to the malicious site into text -- whether it's a blog post, a bulletin board entry or an e-mail sent through a webmail system. The users' text will contain their own content, along with the link and a note that lures readers to check out a website with "fun" videos or e-card.

Users who go to the malicious site have their own machines infected with this updated version of the worm, which some security vendors are referring to as a Trojan horse.

So if someone is posting about something fairly serious and then all of a sudden links to a "fun video", be very suspicious. I don't want to be alarmist, but don't underestimate new social engineering either. The moderating team will do what we can to keep any malicious links off the site, but you all should still use caution and remember that these malware writers are taking away a lot of the fun stuff on the web.

We always did feel the same

We just started from a different point of view

Tangled up in blue--Bob Dylan


#5 MaraM

MaraM
  • Topic Starter

  • Members
  • 1,717 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:British Columbia, Canada
  • Local time:11:16 PM

Posted 04 March 2007 - 12:20 PM

Thanks Papakid for explaining it further - knowing what to look for and what to avoid is very helpful and I really do appreciate your assistance.
Never let your computer realize you are in a hurry or just typing the last few words of a vital document.

While outer events might make one happy or sad, happiness itself is entirely internal, and at all times completely within one's power.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users