Access member only content, take part in discussions with comments on blogs, news and reviews and receive all the latest security industry news directly to your inbox. Join now for free.
A confirmation email has been sent to your email address - SUPPLIED EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @scmagazine.com.au to your white-listed senders.
Researchers at CA say they have detected a new variant of the Storm Worm, the infamous botnet best known for its spam-producing abilities, but which was effectively killed off more than a year ago.During its roughly two-year run, though, Storm was highly successful, and it appears malware writers again are utilising the old code to infect machines, which then are used to spread spam, Don DeBolt, director of threat research at CA, told SCMagazineUS.com.Researchers discovered the threat while examining software that was bundled with rogue anti-virus software, he said."This is an example of the reuse of code that worked very effectively in the past," DeBolt said. "It's a good lesson to understand about malware and the internet that when one method works in the past, it's often reused again in the future. We have to constantly keep our guard up and look at the reissuance and redistribution of legacy malware."The Storm Worm exploded on the scene in 2007, capitalising on holidays and current events to place tens of thousands of machines under its control. Once computers were infected with the malware, they were used to push out spam. At its peak, Storm was responsible for 20 percent of the world's junk mail.Then, near the end of 2008, Storm's grip on botnet dominance cratered, partly because a California-based internet service provider, Atrivo, also known as Intercage, was knocked offline. The rogue ISP was responsible for hosting Storm's command-and-control servers, used to supply infected computers with instructions. In addition, detection of Storm became more effective. Researchers were even able to infiltrate the botnet and disrupt its peer-to-peer communication functionality. Storm eventually was replaced by Waledac.But now Storm appears to have resurrected itself, at least somewhat. The focus of the latest run is spam, DeBolt said. Messages related to the campaign are hawking pharmaceutical merchandise, online dating sites and celebrity videos, according to a CA blog post."They are sending a large number of spam messages," DeBolt said. "It's programmed to be pretty prolific in its distribution of spam emails. But it's still too early to tell how prolific."End-users should expect to see increased variants of the Storm code."We have not infiltrated the botnet or command-and-control server to identify the volume of infected systems," he added. "But we verified that this is a new variant of the legacy threat and that's why we wanted to get the word out."See original article on scmagazineus.com
To begin commenting right away, you can log in below or register an account if you don't yet have one. Please read our guidelines on commenting. Offending posts will be removed and your access may be suspended. Abusive or obscene language will not be tolerated. The comments below do not necessarily reflect the views or opinions of SC Magazine, Haymarket Media or its employees.