Storm Worm - New encrypted packets and I-Frame injection version coming
Recently, we may have been in a "calm before the storm", as e-card attacks have diminished somewhat. These three blog posts point to more innovation in new attacks that could be coming soon:
http://www.symantec.com/enterprise/security_response/weblog/2007/10/strengthening_storm_almost_hur.html
http://www.secureworks.com/research/blog/index.php/2007/10/15/the-changing-storm/
http://blogs.pcmag.com/securitywatch/2007/10/the_gathering_storm.php
QUOTE:
Strengthening Storm – Almost Hurricane?
The new Storm worm variants being seen these days have yet again evolved and are gaining strength. Well, at least in encryption technology. The P2P UDP packets (made up of the header and payload) are now encrypted using a 40-byte key. As our friends at Secure Works pointed out here, this is definitely good news for network administrators who have to deal with legitimate P2P overnet traffic.
The encryption is trivial and isn't the only new thing found in this variant. It seems to have some new techniques for propagation. Firstly, it is able to scan the file system and drop an executable into any folder with at least one .exe file. Secondly, the worm is able to harvest email addresses from the file system and send spam to those addresses. Lastly, it is able to search for .htm, .html, and .php files and inject malicious IFRAME code into them.
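
An added example, not part of the quoted Symantec post or the original page: one way a site owner could check .htm, .html and .php files for injected frames, by flagging iframes that load an external host and are zero-size or hidden. The invisibility heuristic, the sample markup and the `example.invalid` host are assumptions, since the page does not show the injected code.

```python
import os
import re

WEB_EXTS = (".htm", ".html", ".php")  # file types the quoted post says are targeted
IFRAME_RE = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s>]+))""")
# Assumption: an injected frame is made invisible; the page does not show the markup.
HIDDEN_RE = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden", re.IGNORECASE)
TINY = {"0", "1", "0px", "1px"}

# Constructed sample pages (not taken from any real infection).
CLEAN = '<html><body><iframe src="/help/index.html" width="600" height="400"></iframe></body></html>'
INJECTED = CLEAN.replace("</body>", '<iframe src="http://example.invalid/x" width=0 height=0></iframe></body>')

def parse_attrs(tag):
    """Return the tag's attributes as a dict with lowercase names."""
    return {m.group(1).lower(): m.group(2) or m.group(3) or m.group(4) or ""
            for m in ATTR_RE.finditer(tag)}

def suspicious_iframes(html, trusted_hosts=()):
    """Return [(src, reasons)] for invisible iframes that load an external URL."""
    hits = []
    for tag in IFRAME_RE.findall(html):
        attrs = parse_attrs(tag)
        src = attrs.get("src", "")
        host = re.match(r"(?:https?:)?//([^/:?#]+)", src, re.IGNORECASE)
        if not host or host.group(1).lower() in trusted_hosts:
            continue  # same-site (relative) or allow-listed frame
        reasons = []
        if {attrs.get("width", "").lower(), attrs.get("height", "").lower()} & TINY:
            reasons.append("zero-size")
        if HIDDEN_RE.search(attrs.get("style", "")):
            reasons.append("hidden-style")
        if reasons:
            hits.append((src, reasons))
    return hits

def scan_tree(root, trusted_hosts=()):
    """Walk root and return {path: hits} for web files containing suspicious iframes."""
    findings = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(WEB_EXTS):
                path = os.path.join(dirpath, name)
                with open(path, encoding="utf-8", errors="replace") as fh:
                    hits = suspicious_iframes(fh.read(), trusted_hosts)
                if hits:
                    findings[path] = hits
    return findings
```

Pass hosts you legitimately embed as `trusted_hosts`, and compare any flagged file against a known-good copy from backup or version control before cleaning it.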