Storm Trojan Takes Social Measures

UPDATED: Web mail and message forums are the newest vehicle for the quickly spreading Storm Trojan, security researchers say. The latest attack injects a link to a malware site whenever infected users write online.

According to Symantec, Gmail, Yahoo Mail, Hotmail and AOL are among a number of vulnerable Web-based e-mail products. Message forums based on vBulletin and phpBB software are also at risk, said a spokeswoman.

Users are first infected by clicking on an e-mailed link, which downloads a
malware rootkit able to watch network traffic, according to Dmitri
Alperovitch, Secure Computing’s principal researcher. The worm then inserts
“Have you seen this link?” in messages posted on a variety of Web mail and
online forums.

The link then infects more PCs, multiplying the malware’s spread, the
researcher told

Both Microsoft and Yahoo are
aware of the worm, spokespeople told Microsoft said
infected users can use Windows Live OneCare safety scanner to remove the

Yahoo said it uses “multiple approaches, including enhanced technologies,
to protect our users” when receiving mail. Google and AOL were not immediately available for

“When it notices you posting to a bulletin board, it modifies your posting
to include the spam text,” Eric Chien, principal software engineer at
Symantec, wrote in a blog.

The solution for companies is easy: Block employees from selecting the link,
Gartner research analyst John Pescatore told

The Trojan still infects outgoing instant messages for Gtalk, Yahoo
Messenger, AIM and ICQ, according to Symantec.

It’s worth pointing out that Storm is aimed right at the antivirus
companies — huge number of variants, constantly changing payloads and a
low-and-slow approach to distribution, Yankee Group analyst Andrew Jaquith told

“Yankee Group pronounced that
‘Anti-Virus is Dead’ in January, and this particular family of malware
proves our point — in spades.”
