February Security Advisory
The Storm Worm is back and this time, it’s an all out war. A couple of weeks back, I wrote an article describing some new Trojans that carried a subject line regarding a huge storm battering the shores of Europe. The Worm was unique in a few ways that made it extremely difficult, if not impossible, to track down or shut down.
The new Storm Worm or Peacomm, as it is called, is a different animal, as far as the avenue of attack. But, other than that, it’s business as usual. Instead of catchy, hard to ignore e-mails, the new attack takes advantage of some of the more popular instant messengers out there. Google Talk, AIM and the Yahoo! Messenger are being targeted, in particular. This evolution of the Storm Worm is very subtle in its attempts to capture unsuspecting systems. Now, it doesn’t broadcast its content via spam, but instead, it injects a message along with a URL into another already open chat window. It inserts something like a message with a smileycon and a URL. This could then intrigue and ensnare any curious individual or someone who may be engaged in a text message and might not think twice about interacting with it.
As with its predecessor, the thing that really makes this virus stand out is the way in which it handles its prey. An infected machine will become a zombie in a botnet where the successful attacker can then do what they want with your machine. The botnet is built using the P2P technology, which has no central server. It’s like the PCs that are infected are part of the botnet and they all act collectively as one. If one unit is taken out, the network simply cuts its losses and carries on with the mission. This lack of static central control also creates huge obstacles for forces attempting to stop these types of attacks.
If you are someone who likes to use their instant messenger, then I would take some extra precautions until this threat is under control. For instance, most antivirus solutions today have settings that pertain directly to instant messengers. Familiarize yourself with this component and how it works. I would also highly suggest not linking out to any URLs that come from your instant messenger, especially if they seem to come out of nowhere. If you do need/want to open a link from your instant messenger, make sure the other person you’re talking to did actually send the attachment.
Valentine’s Day Spam
Well, you should know it’s coming. It’s a holiday and this is the stuff hackers love. To them, any reason is a good reason to send out viruses. Security companies of Sophos and Panda have shown interest in this particular crop of spam appearing, using the romantic holiday as its invitation. There are some new threats out there that have received some pretty high security ratings from both of these security companies. Nuwar.D and Nurech.A are two such worms making some waves. These, at the moment, are the prevailing holiday threats, with subject lines that read like a box of candy hearts. They say things like “We’ll be together until the end” and “I love you.” Both worms carry attachments that are in the .exe format and they should be easy to spot. Also, it goes without saying, please stay away from any e-mails you don’t expect with attachments, regardless of how much you want to be loved. I guess I could say love is a battlefield, but I won’t! : )
Microsoft Patch Tuesday
I also wanted to remind everyone about the Microsoft patch on Tuesday, which was yesterday. So, you may want to run an automatic update if you didn’t notice your Windows updating on its own. You should also be able to use the Security Baseline Analyzer to see where your system stands, as far as needing to be updated.
Until next week, stay safe out there!
~ Chad Stelnicki