Storm worm linked to spate of DDoS attacks
Spammed malware attacking anti-spam sites, rival worm bases.
The fast-evolving malware spammed in waves since the new year, dubbed the 'Storm Worm' in the media thanks to the weather-related subject lines of many early versions of the emails used, has been linked to DDoS attacks on a variety of anti-spam sites, as well as sites hosting rival malware.

According to researcher Joe Stewart of SecureWorks, one of the components either carried in spam messages or downloaded by trojans spread by the Storm Worm campaign is a variant of W32/Nuwar. This mass-mailing worm was seen late in 2006, and got its name from the nuclear war warnings it used to spread via email, a tactic mirrored in the waves of bad news seen earlier this year. Stewart's research reveals that one of several components downloaded to infected machines attempted to carry out denial-of-service attacks on developers of anti-spam and anti-rootkit technology; the worm itself uses both spam and rootkit techniques. Attacks also took aim at sites hosting W32/Stration (aka Warezov), a rival spam worm, and this is thought to be indirectly behind attacks on Spamhaus a few weeks ago, after the Stration hosters redirected their heavy traffic to the Spamhaus domain.
The majority of these DDoS attacks took place in mid-January, and the DDoS functionality may no longer be in use in the latest versions of the malware, which continues to evolve as wave after wave of worms and downloaders is launched, each slightly tweaked to evade detection. Early use of bad news subject lines in the spammed emails has given way to romantic messages, in time for Valentine's Day, celebrated later this week.
There is no evidence to link these attacks with the large DDoS launched against major DNS servers last week. Full details of Stewart's analysis can be found here.
12 February 2007



