Storm worm variant blows against blogs and forums
By Rene Millman
Posted on 28 Feb 2007 at 15:53
The Storm worm has returned in a new guise. The worm, which managed to cause a global virus outbreak earlier in the year is now targeting users who blog or post to forums.
The new variant is propagating itself via links from blogs and forum posts directing users to a malicious website that downloads code onto a user's machine which compromises the computer and turns it into part of a botnet.
Over the past twenty four hours, the virus has had computers post these malicious links on various websites, according to researchers at IT security company Secure Computing. Researchers warned that users should be on the lookout for links containing the text 'Have you seen this?' leading to a website with the words 'fun video' in them.
Clicking on the link will show a user a dialogue box asking them if they want to open an executable file. This file installs a rootkit on the user's computer and then attempts to distribute itself to other computers.
The rootkit then monitors the user and when they visit a blog or forum site, it then inserts the text and malicious link into messages and blog comments the user has sent. The worm successfully propagates if other users see and click on these malicious links.
Experts said virus writers are becoming more and more sophisticated with new variations of viruses coming out everyday.
'Given that this worm takes people who click on links in seemingly innocent blogs and bulletin boards to websites with malicious content, businesses should be strongly urged to protect themselves by blocking access to these types of websites to prevent 'lunch time browsers' from inadvertently downloading malicious content onto their PC,' said Donal Casey, security consultant, Morse.
Casey said that if access to the most common blog and bulletin board websites can't be blocked for business reasons then organisations need to use technology that can assess if a website contains malicious content and either remove the content before the page is displayed or block access to the entire website if it is detected.
From around the web
advertisement
- Chrome's shine getting lost in translation
- BytePac: the cardboard hard disk enclosure
- How tech loosens our grip on reality
- Hokum watch: Safer Internet Day
- Why I'm deleting Adobe from my PC
- Prepare to be patronised: it's Safer Internet Day
- Dear Sony, Samsung and every other tech company in the world: stop trying to be Apple
- Will Apple's Final Cut Pro X update placate the pros?
- Smartr Contacts for iPhone review
- Switching to Office 365's Outlook Web App
- Paying for your crimes with Bitcoin
- Pavement hacking: What it is and how to avoid it
- Google's risky pre-loaded pages
- Mac under attack: how secure is Apple's OS?
- Has your browser been hijacked?
- Can you send a truly anonymous email?
- Is it safe to send bank details over email?
- Sainsbury's Bank bans password storage
- MobileMe triggers credit card blocks
- How to stay safe against session hijacking
advertisement
Printed from www.pcpro.co.uk