Slashdot Mirror

← Back to Stories (view on slashdot.org)

Massive Spam Shot of "Storm Trojan"

Posted by kdawson on from the storm-warning dept.

jcatcw writes "Postini has already counted nearly 5 million copies of the spam in the last 24 hours, and calculated that the run currently accounts for 87% of all malware being spread through email. 'Expect this to grow much larger,' a Postini spokesman said; 'It should top out at 60 million messages within the next 24 hours.' It's the largest attack in the last 12 months, and more than three times the volume of the two biggest in recent memory: a pair of blasts in December and January. The spam carries a ZIP file attachment posing as a patch with subjects such as Worm Alert!, Worm Detected, Spyware Detected!, or Virus Activity Detected."

2 of 260 comments (clear)

  1. Re:Another day in the world of near-monoculture. by MightyYar · · Score: 5, Insightful

    Oh, come on. I am FAAAR from a MS apologist, but this trojan is not really something that they can (or should) prevent! This worm is not exploiting any flaw in MS's programs that I am aware of, it is simply social engineering. Unless you make Windows prevent a user from running arbitrary code, I don't know how you'd fix this.

    If anyone should be sued, it should be the ISPs who allow zombies to sit there on their network. I don't like lawsuits, and would prefer to see some government incentive used to compel ISPs to remove the zombies.

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  2. Re:waaaait just one second... by adolf · · Score: 5, Insightful

    And you could presumably trick users w/o regard to the OS they use. But it's far more likely that the windows user is logged in with full Admin privileges.

    But it doesn't matter.

    The trojan/worm need not be an administrator to trash a user's computer, even with Linux. Let's use Ubuntu as an example. It can still send mail and propagate just fine as a regular user. It can also trash that user's documents and files (which are likely to be the only important data on the machine). It can use a crontab entry to start a daemon on a high-numbered port, which will run without user interaction, or without them even being logged in. That daemon won't be root, but it will still be capable of being a very proficient zombie.

    After that, for good measure, it can just run gksudo and simply ask the user for root permission. Ubuntu users are absolutely content to enter their own password into gksudo whenever prompted, especially when performing updates and patches (as this claims to be). So, the trojan will readily then gain root and be free to run completely amock. Trashing or rooting the OS is the obvious next step, but it's probably not even needed after all of the damage and infiltration already accomplished as a regular user.

    Seriously - just because it's not Windows does not mean that it's secure. As long as people are able to run arbitrary programs on their own computers, these types of things will continue to be a problem...no matter what kind of computer it is, and no matter if it has root/administrator priveledges or not.

    --
    Kid-proof tablet..