Storm Worm Switching Propagation Vectors
0
The storm started with mass mailings, then the malware switched to IM propagation, and now the infected PCs are further spreading through blog and forum posts :"But the twist comes when these people later post blogs or bulletin board notices. The software will insert into each of their postings a link to a malicious Web site, said Alperovitch, who rates the threat as "high."We haven't seen the Web channel used before," he said. "In the past, we've seen malicious links distributed to people in a user's address book and made to look like it's an instant message coming from them."
The smart thing is that compared to situations where malware authors have to figure how to bypass the forum's CAPTCHA or mass spam and generate new blogs, in this case the (infected) end user is authenticating both himself and the malware. Here are some malware stats on social networking sites worth going through as well.
UPDATE: Symantec has a nice analysis with some screenshots of this variant.
About Dancho Danchev
Independent Security Consultancy, Threat Intelligence Analysis (OSINT/Cyber Counter Intelligence) and Competitive Intelligence research on demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at dancho.danchev@hush.com
0 Comments: