New Virus Called Storm Worm Or W32/nuwar@mm Is Out And About WINZIP/Rar be WARNED

[Saint_Michael 3]

To think the Microsoft ANI exploit and the botnet things were bad but this just top the charts, this new variation of the Storm virus of last year gets a new powerful punch. The virus gets sent through a password protected zip fil in which the password is contain in a image file in the email. The email subject contains either Worm Alert!" or "Trojan Detected! so do not open and just delete it. Also the image file will read something like UrgentNotice.gif" or "AbuseReport.gif. and the zip file will read something like "patch-####.zip" or "removal-####.zip.".


McAfee states that this virus requires some interaction in order ot be trigger, because the email stats that your computer is infected and that you must run this patch or a removal tool in order to be protected. They do mention people are still falling for it. In fact 20,000 computers alone got affected on thursday alone and they expect more to be affected as the days and weeks go by.

Here is the technical talk about this worm

Ken Dunham, director of the rapid response team at VeriSign iDefense, offered some technical insight into the latest Storm variant. For starters, it includes antisecurity measures to hinder analysis. E-mails are randomized with different filenames, different passwords, and different binaries within the ZIP file -- all to evade detection.
"Once executed the worm installs a rootkit on the system (wincom32.sys) and communicates over a private peer-to-peer network to update itself," Dunham said. "It is highly likely that this latest attack will result in many more downloads, pump and dump attacks, and more as seen with former Storm Worm attacks to date."

In essence, the infected computer becomes a zombie machine on a botnet that can be used to send out spam that will launch new attacks. It can also open the door for additional malware to be installed on the victim's system.

That that is just plain scary right their on the fact that this new version can escape the anti virus software detection, and soem security research even mention that anti-virus software is no longer adaquate to prectect users especially if people are still fallen for the same old tactics when a virus comes out. Right now their are no known patches or updates to prect people so be on the look out for this bad boy.


SOURCES
Here
Here

[X_X 0]

Oh. Thanks for warning us

[Saint_Michael 3]

Well it seems the Storm Worm has become a rather nasty customer recently, the worm has created a botnet of almost 2 million computers and almost 500 million emails that connect to the worm have been tracked. However, what's got the security people are worried about is the possibility of a large scale DOS attack, and from they mention since there are enough computers a small country's computer network could get shutdown. So far or small DOS attacks have been associated with this worm, so far the only suggestions that have come up is make sure your expecting emails with attachments and all that good stuff, block P2P networking since it seems do it's best damage(infection) that way.

So I would say to the members here to be extra precaution in your activities concerning all that fun stuff .

SOURCE

Here

[Saint_Michael 3]

It seems the Storm Worm has gotten a bit more smarter as it keeps on morphing and trapping more people as the authors are changing the way the emails are being sent out.

Dmitry Gryaznov, a researcher with McAfee's Avert Labs, reported in a blog entry over the weekend that the malware authors were putting aside some of their e-card schemes for the old trick of luring people to open an e-mail by promising them nude or pornographic pictures. Gryaznov pointed out that the e-mails tend to have blank subject lines.
Then the authors quickly changed tactics again -- this time sending out e-mails that either invite the user to join various clubs or talk about services, like online dating sites, that the user supposedly signed up for.

Johannes Ullrich, CTO of the Internet Storm Center, has been posting rolling advisories on the site's diary, warning users about the changing attacks. He noted the phony e-mails inviting people to join a club can look legitimate since they contain fake account numbers and temporary passwords and login IDs. "I have seen about a dozen different ones so far," wrote Ullrich. "They are all 'confirmations' in this style to various Web sites. The Web page offers again an 'applet.exe' for download."

So basically if you want to keep your computer zombie bot free really look at emails that your friends sent or you don't know who the person is. Of course people are smart enough to not open up spam that say you won a thousands dollars. By the looks of it, the security teams have so far not broken the worm to either patch or finally disable it, so watch your email accounts more carefully.

SOURCE
Here
Here
Edited August 23, 2007 by Saint_Michael (see edit history)

[odomike 0]

Thanks for the warning Mike. Gotta be more careful with 'em emails now.