Anyone remember this article I wrote back in July: STORM WORM: LARGEST ATTACK IN TWO YEARS, BUT WHY?
Well, it looks like I was correct in being concerned that the Storm Worm and its resulting botnets could become even more of a problem even though the code was so old. Now this nasty little trojan has a bran new bag:
Storm Worm Descends on Blogspot
It seems like spammers, scammers, phishers and now malware authors are starting to leverage blogs more and more, especially Blogger/Blogspot as Google tend to be quite slow in responding and sometimes don’t respond at all.This makes it an ideal platform for dodgy behaviour as the crooks have adequate lead time to con/infect people before they get shut down.
In this case Blogspot was used as the platform to propagate malcious messages by the Storm worm, people clicking these messages were liable to infection.
Source – Darknet – The Darkside
Notice what I underlined there. Darknet sees a growing threat from Splogs. I see that threat mixed with Storm Worm, and I say, “I knew Storm Worm would only become a larger problem”. I still don’t know why though, beyond the basic malicious crap people do.
There are probably millions of undetectable variants of the Storm Worm trojan. I am sure that the growing power of the extremely slippery botnets, that Storm Worm is used to create, will eventually do something very big and very naughty. I don’t know how or why or what will happen, but if unchecked, something really BIG is going to come crashing down on some rather large target, maybe even a government.
I know it seems like I keep saying “THE SKY IS FALLING”, but I’m not. I am only saying that there is the potential for “the sky to fall” if security companies and professionals don’t create a fool proof definition to stop all the Storm Worm variants and the botnets it creates.
Just in case you were wondering; No, I do not have the knowledge to create this “fool proof definition”, nor do I know how much work or how possible it could be.
Keep your eye’s open, and don’t click on random crap.
Amazing that Storm is so sophisticated. Not only does it parse browsers, but also browser versions. I can only imagine what’s next. I’m only glad that myself and my family have moved to Ubuntu. Although we still have to deal with the Spam from Storm, we do not worry about infections.
Although much of Storm’s machines are in fact outside the US, over half are inside the US. So simply blocking traffic from, say, China, won’t be very effective. That’s the power of a distributed botnet.
http://www.productreview.com.au/?a_aid=2006f0ef