Storm Worm Descends on Blogspot

The New Acunetix V12 Engine


It seems like spammers, scammers, phishers and now malware authors are starting to leverage blogs more and more, especially Blogger/Blogspot as Google tend to be quite slow in responding and sometimes don’t respond at all.

This makes it an ideal platform for dodgy behaviour as the crooks have adequate lead time to con/infect people before they get shut down.

In this case Blogspot was used as the platform to propagate malcious messages by the Storm worm, people clicking these messages were liable to infection.

Miscreants behind the Storm Worm have begun attacking Blogger, littering hundreds of pages with titillating messages designed to trick visitors into clicking on poisonous links.

By now, anyone who doesn’t live under a rock is familiar with the spam messages bearing subjects such as “Dude what if your wife finds this” and “Sheesh man what are you thinkin” and including a link to a supposed YouTube video. Recipients foolish enough to click on the link are taken to an infected computer that tries to make their machine part of a botnet.

Now Storm Worm, the malware responsible for those messages, has overrun Google-owned Blogger. According to one search, some 424 Blogger sites have been infected. The actual number is probably higher because our search contained only a small fraction of the teasers used by Storm.

The search result only returns 29 now as things have been cleaned up a bit.

It just shows, whatever vectors reach popular culture, the bad guys will be there leveraging them before anyone else.

“What it really shows to me is how pernicious these guys are and they’re indefatigable in trying to get into every place,” said Alex Eckelberry, president of Sunbelt Software who blogged about the Blogger assault earlier. “This is a voracious, voracious worm. I don’t think anybody in malware research has seen anything like Storm.”

Storm has already gone through more lives than a pack of feral cats. It started out in January as an email promising information about a winter storm that was sacking Northern Europe. Since then it’s offered sexy photos, electronic greeting cards and login credentials for various online memberships. According to researchers, Storm has infected more than 1.7 million hosts.

Storm’s ability to crack Google’s defenses is yet another testament to the resiliency of the malware. Google tends to outshine competitors in blocking spam and sniffing out sites that serve up Trojans.

Storm has also shown a pretty strong evolution pattern, it’s been linked to some of the biggest spam groups around…so expect it to keep coming, keep mutating and keep infecting.

The more zombies they have the more effectively they can spam and DDoS people that give them problems (Black list services and so on).

Source: The Register

Posted in: Malware

, , , , , , , , , , ,


Latest Posts:


Acunetix v12 - Pause & Resume Acunetix v12 – More Comprehensive More Accurate & 2x Faster
Acunetix, the pioneer in automated web application security software, has announced the release of Acunetix v12 - more comprehensive, accurate & 2x faster.
CloudFrunt - Identify Misconfigured CloudFront Domains CloudFrunt – Identify Misconfigured CloudFront Domains
CloudFrunt is a Python-based tool for identifying misconfigured CloudFront domains, it uses DNS and looks for CNAMEs which may be allowed to be associated with CloudFront distributions.
Airbash - Fully Automated WPA PSK Handshake Capture Script Airbash – Fully Automated WPA PSK Handshake Capture Script
Airbash is a POSIX-compliant, fully automated WPA PSK handshake capture script aimed at penetration testing, it is compatible with Bash and Android Shell.
XXEinjector - Automatic XXE Injection Tool For Exploitation XXEinjector – Automatic XXE Injection Tool For Exploitation
XXEinjector is an XXE Injection Tool that automates retrieving files using direct and out of band methods. Directory listing only works in Java applications.
Yahoo! Fined 35 Million USD For Late Disclosure Of Hack Yahoo! Fined 35 Million USD For Late Disclosure Of Hack
Ah Yahoo! in trouble again, this time the news is Yahoo! fined for 35 million USD by the SEC for the 2 year delayed disclosure of the massive hack, we actually reported on the incident in 2016 when it became public.
Drupwn - Drupal Enumeration Tool & Security Scanner Drupwn – Drupal Enumeration Tool & Security Scanner
Drupwn is a Python-based Drupal Enumeration Tool that also includes an exploit mode, which can check for and exploit relevant CVEs.


2 Responses to Storm Worm Descends on Blogspot

  1. dre October 25, 2007 at 11:22 pm #

    according to Brandon Enright, who spoke about the storm worm at toorcon 9 in san diego this past weekend – the storm worm is actually shrinking in size. i don’t have his slides, but as soon as i find them – i’ll post them here

  2. fazed October 30, 2007 at 7:33 pm #

    I hope my blog is fine :S