If you haven’t heard already there’s an old worm in town with several new variants. This is not w32.storm.wrom, so don’t get all confused by the name. As per some recent articles, here is just how naughty this little worm is (my comments in RED):
The “Official” Definition:
1st The Wiki: The Storm Worm (dubbed so by Finnish company F-Secure, alias: Trojan-Downloader.Win32.Small.dam, Trojan.Downloader-647, Trojan.DL.Tibs.Gen!Pac13[1]; other names, given by antivirus vendors: Downloader-BAI (McAfee), Troj/Dorf-Fam (Sophos), Trojan.Peacomm (Symantec), TROJ_SMALL.EDW or CME-711 (Trend Micro), Win32/Nuwar.N@MM!CME-711 (Windows Live OneCare)) is a backdoor[2][3] Trojan horse, identified as Small.dam,[1][4][5] discovered on January 17, 2007.[1] The Storm Worm infected thousands of computers (mostly private) in Europe and the United States on Friday, January 19, 2007 using a topical e-mail message with the subject “230 dead as storm batters Europe”.[6][7] During the weekend there were six subsequent waves of the attack.[8] As of Monday, January 22, the Storm Worm accounted for 8% of all infections globally.[9]
[…]
When an attachment is opened(!not anymore! see the Information Week article below), the malware installs the wincom32 service, and injects a payload, passing on packets to destinations encoded within the malware itself. According to Symantec, it may also download and run the Trojan.Abwiz.F trojan, and the W32.Mixor.Q@mm worm.[11]
2nd Symantec:
Discovered: January 19, 2007
Updated: January 19, 2007 6:52:29 PM
Also Known As: Small.DAM [F-Secure], CME-711 [Common Malware Enumeration], Troj/Dorf-Fam [Sophos], Downloader-BAI!M711 [McAfee], TROJ_SMALL.EDW [Trend], W32/Tibs [Norman], Troj/Dorf-J [Sophos]
Type: Trojan
Infection Length: 29,347 bytes; 30,720 bytes; 32,387 bytes; 34,816 bytes (varies)
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP
Trojan.Peacomm is a Trojan horse that
drops a driver program file to download another program(AGAIN !not anymore! see IW article below). It is reportedly attached to spammed email. It may also be dropped by W32.Mixor.Q@mm.
The Kinda Old News:
For 24 hours in mid-January, stock-fraud investigation site StockPatrol disappeared from the Internet, overwhelmed by a massive flood of Web requests coming from thousands of sources.
[…] Highlighting another trend, bot nets created with the program use peer-to-peer communication to make shutting down the illicit networks much more difficult. Typically, bot nets last no more than a day after their command-and-control server is identified. The peer-to-peer component of the Storm Worm enables its bot nets to reconstitute themselves after the central server is taken down. (SecurityFocus 2007-02-16)
The New..ish News:
Storm worm authors are blasting the Internet with two types of attacks ( mainly spam: e-Cards and Phoney Virus Alerts), and both are aimed at building up their botnet.
[…] The viruses are not embedded in the e-mails or in attachments. The e-mails, many of them otherwise empty, contain a link to a compromised Web site where machines are infected with a generic downloader. (TOLD YA. NOTE THE BIG CHANGE IN TACTICS. No malware in the e-mail, means no virus filtering problem.) This helps pull the computers into the malware authors’ growing botnet, while also leaving them open for further infection at a later date. (InformationWeek 2007-07-24)
The Latest: In all honesty, who knows? However…
An interesting happening this week, some ISP’s have been jacking the DNS entries for certain IRC networks to crack down on zombie/bot infections. (Darknet: TimeWarner DNS Hijacking IRC Servers to Stop DDoS Attacks)
Read that whole article from Darknet and you’ll get my drift. I see a connection between ISP’s trying to block “zombie/bot infections” and the last I heard on storm.worm varients.
Anyway, its obvious that whoever is running this game must be hell bent on something, but what?
I will keep everyone updated and post the source code for all the related malware to the “Storm Worm” as soon as I can find it. If you happen to find it before me, please post a link in the comments.
Peace
I Just came accross this site, http://www.freebieSMS.co.uk , and it seems to offer free SMS messages, for the UK at least, has anyone ever used them?
http://www.thecoolnews.org
Is the best site for all the tips and tricks u ever dreamt off. 😉
[…] To Say I Told You So… 8 10 2007 Anyone remember this article I wrote back in July: STORM WORM: LARGEST ATTACK IN TWO YEARS, BUT WHY? Well, it looks like I was correct in being concerned that the Storm Worm and its resulting botnets […]
[…] STORM WORM: LARGEST ATTACK IN TWO YEARS, BUT WHY? […]
lol azag dya realise that there is a good chance that the authors learnt sum virus making off your site
tboy1337 – Sadly, Yes I’m sure at least a few authors gathered intel off my site and at the very least might have learned some new tricks if they did their homework or whatever. ;-P It seems pretty feasible in theory so I’m going to guess chances are good it did happen on at least a few occasions. Then again, some have also thanked me for finding info to help them learn a programming language for college/university classes, so many positive things also happen as well. Funnier fact is it went full circle now some of these storm worm infected machines are trying to probe my site although very unsuccessfully. I am not respondsible for the actions [whether bad or good] of my visitors.
I have no way of telling what viruses or authors may have been spawned by visitors but I really don’t want to know. 😉 I haven’t seen any authors mention it but I think that is for the best. I don’t want know troubles lol. I tell people never to spread such creations whether their own or the inventions of others. Don’t mess up the internet for others kids. Remember it’s made up of a delicate series of tubes. 😉 heheh
I also wish people would use stop thinking I’m a backdoored server trying to run C99shell(s) off my site. They are there to download I’m not running PHP based server you silly bastards. Some people got to be a little slow if they think I would put up code, apps or exploits that I’m vulnerable too on my site. Come on people think a bit before you leap from f*cks sake. Take note of the section title if you read english (or can translate it) and most would assume it is fairly obvious I am not some hijacked server or one left with a backdoor hanging wide open as it were. 😛
– Azag
http://www.productreview.com.au/?a_aid=2006f0ef
enforcible illumine hysteralgia pseudoliberal unequilibrated staggy tautomeric undern
Amish men plead guilty to dealing drugs
http://cnn.com/2003/WORLD/europe/11/05/germany.shootdown.ap/
dior bags
lady dior bag
This is good frequently exchange for tea. How you think?
PaniSex is your ultimate source for free sex personals, adult dating, amateurs & swingers.
Being the world’s largest adult sex and swingers site, you can find new hookups with the hottest singles and wildest couples.
Whether you’re looking for sex chat, nude webcams, swinger action, group sex or free adult personals, you’ll get it on PaniSex.
Turn your wildest fantasies into reality. Join PaniSex today and make love tonight.
один из самых интересных порталов в интернете
http://ural-stanok.ru/img/img/map1.html
Hello World
segseg
http://tuduwexutiteropa601.front.ru
http://buiversavi2003.front.ru
.
http://cessrent2008.chat.ru
Just making my earliest notify at themostboringblogintheworld.wordpress.com, which seems to be a wonderful forum!
http://massup.ru
v.eravd.e.e.va@gmail.com
а
а
AugustoCes
http://veselovatawa.narod2.ru
http://simpcontmorti2007.hotbox.ru
http://goldregahoc1987.hotbox.ru
…
а
Создание сайтов в Твери, Конаково. Разработка дизайна, полиграфии, стиля, визиток, рекламы, логотипа.
OKOKOKO
cheap suprax without a prescription in usa
graham huntley
test
http://spravki-ot-fizkulturi.mobisoft.dnepr.com
http://phoneymelodie.com/video/films/3660-styd-shame-2011ts-mp4-avi.html
Демо
get it
ололо
http://avangardizm.clubviktorina.pp.ua
Ya prishol
http://fashionstage.ru
http://belpdd.com
sneakers isabel marant The brand name identify or logo should be engraved on the hardware, not embossed or just printed.As a result these facilities have averted the use of any other electronic gadgets which you require to carry it alongside with you everyday.
isabelle marant Make the proper choice, you can realize its full prospective.Childrens beach sandals are light so that children can put on them easily, but strong enough to shield tiny ft from any sharp objects that might be hiding in the sand.
http://tiufunc1972.host.sk 213
April
Your dog makes a speciality of aiding clients recover performance as well as live through the health health conditions through the multidisciplinary tactic Blyth FM, Walk LM, Brnabic AJM, Counterparts MJ
Doctors through distinct areas of expertise from all of over the World are already taken advantage of our own training Among the list of difficulty with serious pain supervision would be that the brain habituates to pain-killing drugs, necessitating better and also bigger amounts
цена золота цб эмиссия привилегированных акций
замирает, затем откатывается к 1209, где срабатывает стоп. Рынок Clearing House: Расчетная палата. Подразделение фьючерсной биржи,
Терминах десятичных логарифмовнапример если счет в 100 000 вырос до 285 610 за четыре. Или трех акциях сразу же начинают покупать другие бумаги и рынок поднимается.
I think Louis Vuitton Belt is our love.
Arttemp
g
test
newscrawl
aaaaaaaaaaaa
hi
http://own.almazbur.pp.ua
almazrez
hi
http://kelognela1973.pop3.ru
Doorways
фывфыввыв
Hi, Neat post. There is a problem together with your web site in web explorer, could check this… IE still is the market leader and a huge component to other folks will miss your fantastic writing because of this problem.
test
torque Screwdriver newton Meters
STORM WORM: LARGEST ATTACK IN TWO YEARS, BUT WHY? | TheMostBoringBlogInTheWorld
Very good article! We will be linking to this great post on our site.
Keep up the good writing.
I’m not sure why but this web site is loading extremely slow
for me. Is anyone else having this problem or is it
a problem on my end? I’ll check back later and see if the problem
still exists.
Great site you’ve got here.. It’s hard to find high-quality writing like yours
nowadays. I seriously appreciate individuals like you!
Take care!!
com website being hacked and vital information for over a million individuals being stolen. This is
due to the fact that connecting through a free
proxy server or free proxy providing website may get you being hacked
by various stuffs. If you are interested in finding a nearby gas station hit Alt and 2, a restaurant Alt and 3, Alt and 5 provides you
with a keyword box so you can custom search.