Slashdot Mirror


Storm Botnet Returns As Part of New Year's Attacks

Trailrunner7 writes "A new spam campaign that appeared shortly before the New Year is part of a new effort by the crew behind the Storm/Waledac botnet and is using some rather elementary tactics — in combination with fast-flux — to attempt to compromise unsuspecting users. The new attack emerged late last week and is fronted by a fairly lame spam campaign that is sending millions of emails that appear to be holiday e-cards, one of the older and more threadbare techniques in this particular game. According to an analysis of the attack by the researchers at the Shadowserver Foundation, victims who click on the link in the email are directed to one of a number of compromised domains, which then redirect the user to another page that displays a message asking the user to download a fake Flash player. This, of course, installs a piece of malware on the victim's machine."
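The summary notes that the campaign's redirector domains sit behind fast-flux DNS. As an added illustration, not part of the article or of the Shadowserver analysis it cites, the following Python scores a domain's resolution history with the usual fast-flux indicators: very short TTLs, many distinct A records over repeated lookups, high churn between consecutive answers, and addresses scattered over many /24 prefixes (infected home machines) rather than concentrated in one block (a CDN). The domain names, lookup snapshots and thresholds are constructed for the example; a real deployment would feed it from passive DNS or repeated resolver queries.

```python
"""Fast-flux scoring over DNS lookup snapshots (added example, constructed data)."""
from dataclasses import dataclass
from ipaddress import ip_network


@dataclass(frozen=True)
class Snapshot:
    """One resolution of a domain: the answer TTL and the set of A records returned."""
    ttl: int
    ips: frozenset


def flux_features(snapshots):
    """Summarise a domain's lookup history into the four indicators used below."""
    min_ttl = min(s.ttl for s in snapshots)
    all_ips = set().union(*(s.ips for s in snapshots))
    # Fast-flux nodes are compromised hosts spread over many networks, so count
    # distinct /24 prefixes as well as distinct addresses.
    prefixes = {ip_network(f"{ip}/24", strict=False) for ip in all_ips}
    pairs = list(zip(snapshots, snapshots[1:]))
    changes = sum(1 for a, b in pairs if a.ips != b.ips)
    churn = changes / len(pairs) if pairs else 0.0
    return {
        "min_ttl": min_ttl,
        "distinct_ips": len(all_ips),
        "distinct_prefixes": len(prefixes),
        "churn": churn,
    }


def is_fast_flux_candidate(snapshots, max_ttl=300, min_ips=8, min_prefixes=5, min_churn=0.5):
    """All four indicators must trip; the thresholds are assumptions for the example."""
    f = flux_features(snapshots)
    return (
        f["min_ttl"] <= max_ttl
        and f["distinct_ips"] >= min_ips
        and f["distinct_prefixes"] >= min_prefixes
        and f["churn"] >= min_churn
    )


def scan(history):
    """Return the domains in history that look like fast-flux, sorted by name."""
    return sorted(d for d, snaps in history.items() if is_fast_flux_candidate(snaps))


# Constructed lookup histories (100.64.0.0/10 and RFC 5737 addresses, not real hosts).
CONSTRUCTED_HISTORY = {
    # Redirector-style domain: TTL 60 and a different handful of addresses on every lookup.
    "ecard-lure.invalid": [
        Snapshot(60, frozenset({"100.64.1.5", "100.72.33.9", "100.80.7.21", "100.90.12.4"})),
        Snapshot(60, frozenset({"100.64.1.5", "100.100.2.8", "100.110.50.3", "100.66.9.9"})),
        Snapshot(60, frozenset({"100.120.4.4", "100.72.33.9", "100.67.8.1", "100.99.5.5"})),
        Snapshot(60, frozenset({"100.68.1.1", "100.75.3.3", "100.85.5.5", "100.95.7.7"})),
    ],
    # CDN-style domain: short TTL and rotating answers, but everything from one /24.
    "cdn-like.invalid": [
        Snapshot(60, frozenset({"203.0.113.10", "203.0.113.11"})),
        Snapshot(60, frozenset({"203.0.113.12", "203.0.113.13"})),
        Snapshot(60, frozenset({"203.0.113.10", "203.0.113.14"})),
        Snapshot(60, frozenset({"203.0.113.15", "203.0.113.11"})),
    ],
    # Ordinary static host: long TTL, same answer every time.
    "static-host.invalid": [Snapshot(3600, frozenset({"192.0.2.10"}))] * 4,
}

if __name__ == "__main__":
    for domain, snaps in CONSTRUCTED_HISTORY.items():
        print(domain, flux_features(snaps), is_fast_flux_candidate(snaps))
    print("flagged:", scan(CONSTRUCTED_HISTORY))
```

The CDN-style entry is there to show why a short TTL on its own is not evidence: content networks also rotate answers quickly, but their addresses cluster in a few prefixes, which is what the prefix count separates.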

17 of 66 comments

  1. This, of course, installs a piece of malware on by makubesu · · Score: 5, Funny

    the victim's machine

    So it installs flash?

    1. Re:This, of course, installs a piece of malware on by msauve · · Score: 4, Funny

      "So it installs flash?"

      Steve Jobs, is that really you?!

      --
      "National Security is the chief cause of national insecurity." - Celine's First Law
  2. Old? by girlintraining · · Score: 5, Insightful

    ...one of the older and more threadbare techniques in this particular game.

    Criminals don't care how old it is, but rather how successful it is. Please try to remember that, people. Technology doesn't have to be new or complicated to be useful, and deriding it because it is older is telling of a lack of experience with the thing. Spam will continue to be effective because it only costs a few dollars to register a domain, a little bit less to set up a distribution point, and once you have a few compromised hosts, it pays for itself -- and then some.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Old? by pyrosine · · Score: 2

      True, but when you consider it uses a fake Flash installer rather than a browser-specific bug which can install the trojan/virus without their knowledge, it is shown to be rather basic. Not only that, but if there was an actual e-card, the number of reported instances would be less (so those that know they have the newest version of Flash wouldn't be alarmed), so their program is less likely to end up detectable, at least for a while.

  3. Re:Upon conviction of virus writing.... by sjames · · Score: 2

    Written as an academic exercise but it got out of the lab or was stolen out of the lab and re-purposed?

  4. Re:Upon conviction of virus writing.... by the_brobdingnagian · · Score: 2

    To train security people.

  5. Bunny by Anonymous Coward · · Score: 3, Funny

    From: Joe User (sksj3838lsk@reallywarmmail.com)
    To: You
    Subject: Bunny
    Attachment: bunnyhop.exe

    Hey check out this cool bunny, it hops around the screen and follows your mouse pointer, it sometimes hides behind windows! Just double-click on the attachment.

    Bye!
    Joe

    1. Re:Bunny by Demonoid-Penguin · · Score: 2

      From: Joe User (sksj3838lsk@reallywarmmail.com)
      To: You
      Subject: Bunny
      Attachment: bunnyhop.exe

      Hey check out this cool bunny, it hops around the screen and follows your mouse pointer, it sometimes hides behind windows! Just double-click on the attachment.

      Bye!
      Joe

      Which email provider allows you to send executable attachments?

      I've attached a free e-book explaining the weak points in your marketing campaign, and why anti-virus scanners are no substitute for knowledge, you sound like a smart individual - and I'd really appreciate your thoughts on my book, if you'd take the time to fill out the attached Word.doc and return it to me I'll send you $50US.

      Thanks for your time.
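Demonoid-Penguin's question, which provider lets an .exe through, is what an inbound attachment filter answers. As an added example, not code from the thread or from any mail provider, here is a small Python filter that rebuilds the "Bunny" joke mail as a constructed MIME message and flags attachments by blocked extension and by a PE (MZ) header, including the case where an executable is declared as an image. The sender address is the one in the comment; the message bytes, file names and the extension list are constructed for the example.

```python
"""Inbound attachment check for executables (added example, constructed message)."""
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows will execute on double-click; deliberately short for the example.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".hta", ".msi"}
PE_MAGIC = b"MZ"  # first two bytes of every Windows PE executable


def build_constructed_message():
    """Rebuild the 'Bunny' mail as MIME, plus two extra attachments for the checks."""
    msg = EmailMessage()
    msg["From"] = "Joe User <sksj3838lsk@reallywarmmail.com>"  # address from the comment
    msg["To"] = "you@example.invalid"
    msg["Subject"] = "Bunny"
    msg.set_content("Hey check out this cool bunny, it hops around the screen and follows "
                    "your mouse pointer! Just double-click on the attachment.\n\nBye!\nJoe\n")
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60  # constructed stand-in for an executable
    msg.add_attachment(fake_pe, maintype="application", subtype="octet-stream",
                       filename="bunnyhop.exe")
    # Same bytes, but declared as a picture: the name and type lie, the header does not.
    msg.add_attachment(fake_pe, maintype="image", subtype="jpeg", filename="bunny.jpg")
    msg.add_attachment(b"%PDF-1.4\n% constructed placeholder\n", maintype="application",
                       subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()


def suspicious_attachments(raw):
    """Return [(filename, [reasons])] for every attachment that trips a check."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        ext = name.lower()[name.rfind("."):] if "." in name else ""
        ctype = part.get_content_type()
        reasons = []
        if ext in BLOCKED_EXTENSIONS:
            reasons.append(f"blocked extension {ext}")
        if data.startswith(PE_MAGIC):
            reasons.append("Windows executable (MZ header)")
            if ctype.startswith(("image/", "text/", "audio/", "video/")):
                reasons.append(f"declared as {ctype} but carries executable bytes")
        if reasons:
            findings.append((name, reasons))
    return findings


def verdict(raw):
    """Gateway policy decision: reject the whole message if anything was flagged."""
    return "reject" if suspicious_attachments(raw) else "accept"


if __name__ == "__main__":
    raw_mail = build_constructed_message()
    for name, reasons in suspicious_attachments(raw_mail):
        print(f"{name}: {'; '.join(reasons)}")
    print("verdict:", verdict(raw_mail))
```

Checking the bytes as well as the name is the part that matters: renaming bunnyhop.exe to bunny.jpg defeats an extension list, but the MZ header is still there for the receiving gateway to see.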

  6. threadbare? by ksandom · · Score: 2

    one of the older and more threadbare techniques

    If it works, expect them to use it.

    --
    Funnyhacks - Weird, unusual, and fun hacks
  7. Re:Upon conviction of virus writing.... by jamesh · · Score: 4, Funny

    HARD LABOR, not some wimpy country club prison.

    On slashdot we refer to such prisons as "federal pound-me-in-the-ass prison" and "white collar resort prison" respectively.

  8. country club prison is better then leting rapist o by Joe+The+Dragon · · Score: 2

    Country club prison is better than letting rapists out to make room for a hacker.

  9. Is there a way to do this in a benign way? by jamesh · · Score: 2

    This is something I've been thinking about for years. I want to do a mass mailout to all employees at all our clients (with the managers' permission of course) in almost exactly the same way as this virus does, except instead of actually installing malicious software it keeps track of how many people click the link, and of those, how many then proceed to download the software. Far easier to send each manager a report of "x of your employees would now be infected if this was a real virus" (I'd probably not put individual employees' names on there) than to fix the damage caused by viruses.

    Time to get coding I guess...

    1. Re:Is there a way to do this in a benign way? by Anonymous Coward · · Score: 3, Insightful

      You should also get your resume current except for the last bit of coding you're doing.
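jamesh's benign variant of the campaign needs only two things on the server side: tracking links carrying a per-recipient token, and a report that aggregates the hits. As an added example, not code from the thread, the Python below parses constructed web-server access-log lines for the landing and download steps and produces the per-client counts jamesh describes, without naming individual recipients. The token table, log lines and client names are constructed; the endpoint paths /ecard and /ecard/player are assumptions for the example.

```python
"""Aggregate hits on an authorised awareness-test landing page (added example, constructed data)."""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Common Log Format line; only GET requests are of interest here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "GET (?P<target>\S+) HTTP/1\.[01]" (?P<status>\d{3}) \d+'
)
# Endpoint paths are assumptions: the e-card page and the "player" download it offers.
STAGES = {"/ecard": "clicked", "/ecard/player": "downloaded"}

# Constructed token table: each recipient gets an opaque token and id; no names are stored.
CONSTRUCTED_RECIPIENTS = {
    "k7f2": ("Acme Widgets", "r-001"),
    "p9q1": ("Acme Widgets", "r-002"),
    "z3m8": ("Acme Widgets", "r-003"),
    "h4t6": ("Bolt Logistics", "r-101"),
    "w2c5": ("Bolt Logistics", "r-102"),
}

# Constructed access-log lines (RFC 5737 addresses): a repeat hit, a 404 and a bogus token.
CONSTRUCTED_LOG = [
    '203.0.113.5 - - [03/Jan/2011:09:12:01 +0000] "GET /ecard?t=k7f2 HTTP/1.1" 200 512',
    '203.0.113.5 - - [03/Jan/2011:09:12:09 +0000] "GET /ecard/player?t=k7f2 HTTP/1.1" 200 2048',
    '203.0.113.5 - - [03/Jan/2011:09:12:20 +0000] "GET /ecard/player?t=k7f2 HTTP/1.1" 200 2048',
    '198.51.100.9 - - [03/Jan/2011:09:30:44 +0000] "GET /ecard?t=p9q1 HTTP/1.1" 200 512',
    '198.51.100.9 - - [03/Jan/2011:09:31:02 +0000] "GET /favicon.ico HTTP/1.1" 404 0',
    '192.0.2.77 - - [03/Jan/2011:10:05:13 +0000] "GET /ecard?t=h4t6 HTTP/1.1" 200 512',
    '192.0.2.77 - - [03/Jan/2011:10:05:40 +0000] "GET /ecard/player?t=h4t6 HTTP/1.1" 200 2048',
    '192.0.2.78 - - [03/Jan/2011:10:06:00 +0000] "GET /ecard?t=nope HTTP/1.1" 200 512',
]


def parse_log(lines):
    """Return (token, stage) pairs for successful hits on a tracked endpoint."""
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m.group("status") != "200":
            continue
        url = urlsplit(m.group("target"))
        stage = STAGES.get(url.path)
        token = parse_qs(url.query).get("t", [None])[0]
        if stage and token:
            events.append((token, stage))
    return events


def summarize(events, recipients):
    """Per-client counts; a recipient is counted once per stage however often they reload."""
    per_client = defaultdict(lambda: {"recipients": 0, "clicked": set(), "downloaded": set()})
    for client, _rid in recipients.values():
        per_client[client]["recipients"] += 1
    for token, stage in events:
        if token not in recipients:  # unknown token: not one of the mailed recipients
            continue
        client, rid = recipients[token]
        per_client[client]["clicked"].add(rid)  # downloading implies having clicked
        if stage == "downloaded":
            per_client[client]["downloaded"].add(rid)
    return {
        client: {"recipients": d["recipients"], "clicked": len(d["clicked"]),
                 "downloaded": len(d["downloaded"])}
        for client, d in per_client.items()
    }


def report_lines(summary):
    """The sentence each manager gets: counts only, no individual names."""
    return [
        f"{client}: {d['downloaded']} of {d['recipients']} employees would now be infected "
        f"if this was a real virus ({d['clicked']} clicked the link)"
        for client, d in sorted(summary.items())
    ]


if __name__ == "__main__":
    for line in report_lines(summarize(parse_log(CONSTRUCTED_LOG), CONSTRUCTED_RECIPIENTS)):
        print(line)
```

Keying everything on an opaque token and reducing to per-client counts before anything leaves the server is what keeps the report at the "x of your employees" level jamesh wants, and a token that is not in the table is simply ignored rather than counted.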

  10. Re:Unsuspecting users by hairyfeet · · Score: 2

    Actually there IS an easy way to sandbox everything, it just isn't made by MSFT. For the clueless or unsuspecting, just give them a combination of Comodo Antivirus or Internet Security (both free) and Comodo Time Machine, which is also free. Comodo AV will by default sandbox everything unless specifically told not to, with full file and registry virtualization, and I have gotten several reports from customers and family members that it has stopped some serious nasties when they clicked the wrong link.

    I consider Comodo Time Machine the flip side of that coin, protecting the user from themselves and their family's stupidity the way Comodo AV protects them from the web. My GF is currently having to live two hours away to help with the family farm after her father had a heart attack. One day she forgot to log off before going out to make rounds on the farm and her niece got into her admin account and somehow managed to completely trash the system32 folder. Thanks to Time Machine I was able to walk her through, by phone, a complete restore of a machine that wouldn't even boot, and it took less than 15 minutes. Just press F11 when you see the Comodo Clock, tell the program where you want to go back to, and let it go. It was just that easy, and in less than 15 minutes she was back to a perfectly running desktop.

    So believe me, between dealing with clueless customers and family members that can pick up more viruses than a Bangkok whore, any solution I recommend has been put through some serious stress testing, and those two Comodo apps put together make for a pretty much idiot-proof Windows. With that combo pretty much the only thing you can't fix by phone is a HDD failure, and since I recommend USB HDDs for backups set to auto-backup their important folders and image the OS drive, even that can be restored to health by me in less than an hour. It is a lot less stressful for them, and a lot less work for me. I'd call that a win/win all around.

    --
    ACs don't waste your time replying, your posts are never seen by me.
  11. Re:country club prison is better then leting rapis by froggymana · · Score: 2

    And I can protect my friends from viruses by giving them Linux. :)

    Protection against these malware authors proves to be rather simple.

    --
    "To prevent this day from getting any worse, I'll just read ERROR as GOOD THING" 1GJU8xLuDKDxEs4KLf8fAGyptoDsqvEsBT
  12. Re:Upon conviction of virus writing.... by innocent_white_lamb · · Score: 2

    Stuxnet. (Military weapon.)

    --
    If you're a zombie and you know it, bite your friend!
  13. Re:Unsuspecting users by hairyfeet · · Score: 2

    Well I'm happy to help. Dealing with quite a few senior customers, I found there really isn't any way to break them of their trusting nature; I guess because they grew up in a time when there weren't so many douchebags. But I would like to point out there are a couple of things you'll have to do, although I doubt it will affect any clueless family members.

    1.-Comodo Time Machine does not like dual boots with Win 7. Linux, Win9x, Win2k, not a problem. But if you install Windows 7 anywhere but the C: drive it changes itself to C: on startup; for example, I am running Windows 7 and even though I installed on my D: it currently says it is on C:, and my XP, which is on C:, is on E:. It does this because Win 7 file and registry virtualization requires the C: drive letter, but as a side effect it freaks Time Machine out. It won't hurt anything, it just won't run.

    2.-After first install and scan it will take Comodo AV or Comodo Internet Security (on XP I prefer CIS, and on Vista/7 I prefer Comodo AV, as the firewall in XP doesn't block outbound like Comodo AV and Vista/7 do) about a week to learn their usage habits. By that I mean it will ask them "Did you mean to launch this?" for the first week until it learns their apps. If you know which apps they use most often you can launch them yourself; otherwise they will have to click yes when they first launch an app. Once it has learned their patterns it is pretty unobtrusive, and it doesn't require an email address or constantly hit them with pop-ups wanting to upsell them either. It also has a well-designed control system, so if someone knowledgeable such as yourself wants, you can customize everything to your tastes or the desired security level, for example setting a rule that all browsers MUST run in the sandbox. It also has an excellent whitelist, so once the PC is declared clean essential Windows services won't cause a permission pop-up.

    But if you have clueless relatives or those you have to support that live a good distance away, the Comodo one-two punch along with Ninite and Filehippo Update Checker really are a godsend. Ninite gives you a simple way to give them the latest of the most popular apps and codecs, so if, say, they call and say "It says I need Flash" you can send them to Ninite and tell them that if it still asks for Flash after running it, it is a virus. With Ninite it is as easy as "check box, run installer" since it does a full web-based unattended install with NO TOOLBARS or other crap. And Filehippo will put a little icon that uses just a few dozen KB of RAM in the tray and will alert them if a third-party app is out of date, because as we know third-party apps like Adobe Reader when out of date (I just give them Foxit from the Ninite site instead) are one of the biggest sources of malware drive-bys.

    But with these plus those two Comodo apps I linked to earlier you can take the hassle and guesswork out of admin duties for family PCs. Comodo AV keeps them clean, Time Machine gives you a way to restore easily by phone even if they manage to BSOD the box, Ninite gives you an easy, secure way to get them the latest apps, and Filehippo lets them keep them updated so YOU don't have to. Believe me, with nearly 2 decades supporting home and small-business users there really is no easier way to keep a Windows box up and running smoothly.

    --
    ACs don't waste your time replying, your posts are never seen by me.