08 October 2007 | 6,497 views

Storm Worm Descends on Blogspot

Check Your Web Security with Acunetix

It seems like spammers, scammers, phishers and now malware authors are starting to leverage blogs more and more, especially Blogger/Blogspot as Google tend to be quite slow in responding and sometimes don’t respond at all.

This makes it an ideal platform for dodgy behaviour as the crooks have adequate lead time to con/infect people before they get shut down.

In this case Blogspot was used as the platform to propagate malcious messages by the Storm worm, people clicking these messages were liable to infection.

Miscreants behind the Storm Worm have begun attacking Blogger, littering hundreds of pages with titillating messages designed to trick visitors into clicking on poisonous links.

By now, anyone who doesn’t live under a rock is familiar with the spam messages bearing subjects such as “Dude what if your wife finds this” and “Sheesh man what are you thinkin” and including a link to a supposed YouTube video. Recipients foolish enough to click on the link are taken to an infected computer that tries to make their machine part of a botnet.

Now Storm Worm, the malware responsible for those messages, has overrun Google-owned Blogger. According to one search, some 424 Blogger sites have been infected. The actual number is probably higher because our search contained only a small fraction of the teasers used by Storm.

The search result only returns 29 now as things have been cleaned up a bit.

It just shows, whatever vectors reach popular culture, the bad guys will be there leveraging them before anyone else.

“What it really shows to me is how pernicious these guys are and they’re indefatigable in trying to get into every place,” said Alex Eckelberry, president of Sunbelt Software who blogged about the Blogger assault earlier. “This is a voracious, voracious worm. I don’t think anybody in malware research has seen anything like Storm.”

Storm has already gone through more lives than a pack of feral cats. It started out in January as an email promising information about a winter storm that was sacking Northern Europe. Since then it’s offered sexy photos, electronic greeting cards and login credentials for various online memberships. According to researchers, Storm has infected more than 1.7 million hosts.

Storm’s ability to crack Google’s defenses is yet another testament to the resiliency of the malware. Google tends to outshine competitors in blocking spam and sniffing out sites that serve up Trojans.

Storm has also shown a pretty strong evolution pattern, it’s been linked to some of the biggest spam groups around…so expect it to keep coming, keep mutating and keep infecting.

The more zombies they have the more effectively they can spam and DDoS people that give them problems (Black list services and so on).

Source: The Register



Recent in Malware:
- ParanoiDF – PDF Analysis & Password Cracking Tool
- Windows Registry Infecting Malware Has NO Files
- FakeNet – Windows Network Simulation Tool For Malware Analysis

Related Posts:
- The World’s Biggest Botnets – Peer to Peer
- Storm Worm Spreading Some Holiday Cheer
- Conficker Finally Awakes & Dumps Payload

Most Read in Malware:
- Nasty Trojan Zeus Evades Antivirus Software - 77,309 views
- Hospital Hacker GhostExodus Owns Himself – Arrested - 47,460 views
- US considers banning DRM rootkits – Sony BMG - 44,929 views

Advertise on Darknet

2 Responses to “Storm Worm Descends on Blogspot”

  1. dre 25 October 2007 at 11:22 pm Permalink

    according to Brandon Enright, who spoke about the storm worm at toorcon 9 in san diego this past weekend – the storm worm is actually shrinking in size. i don’t have his slides, but as soon as i find them – i’ll post them here

  2. fazed 30 October 2007 at 7:33 pm Permalink

    I hope my blog is fine :S