Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Storm Worm - Phishing attacks from the Botnet

F-Secure shares an analysis of how the Storm Worm botnet might be used to host a phishing attack that collects sensitive personal or bank account information.

Storm Worm - Phishing attacks from the Botnet
http://www.f-secure.com/weblog/archives/00001359.html

QUOTE: Last night there was a phishing run. The IP address of the site was changing every second or so. The server was an active fast flux site and was hosted within a botnet. Interestingly, when we picked out a random IP address from the list and resolved that address to other sites hosted in the past, we found something familiar (e.g., hellosanta2008 and postcards-2008).

This sounds like Storm. So somebody is now using machines infected with and controlled by Storm to run phishing scams. We haven't seen this before. October brought evidence of Storm variations using unique security keys. The unique keys will allow the botnet to be segmented allowing "space for rent". It looks as if the Storm gang is preparing to sell access to their botnet.
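
The two observations in the quote (answers rotating every second, and an IP that previously hosted other sites) map onto a simple passive-DNS triage. The sketch below is an added example, not code from F-Secure or this blog; the observation rows, domain names, addresses and thresholds are all constructed assumptions.

```python
# Constructed passive-DNS rows: (unix_time, domain, answer_ip, ttl_seconds).
# Names and addresses are documentation placeholders, not real indicators.
OBSERVATIONS = [
    (100, "oldcard.example", "192.0.2.12", 2),
    (105, "oldcard.example", "192.0.2.40", 2),
    (900, "phish.example", "192.0.2.10", 1),
    (901, "phish.example", "192.0.2.11", 1),
    (902, "phish.example", "192.0.2.12", 1),
    (903, "phish.example", "192.0.2.13", 1),
    (904, "phish.example", "192.0.2.14", 1),
    (905, "phish.example", "192.0.2.15", 1),
    (900, "static.example", "198.51.100.5", 3600),
    (905, "static.example", "198.51.100.5", 3600),
]

def flux_profile(rows, domain):
    """Summarise how one domain's answers behaved over time."""
    seen = sorted(r for r in rows if r[1] == domain)
    ips = [r[2] for r in seen]
    changes = sum(1 for a, b in zip(ips, ips[1:]) if a != b)
    return {"lookups": len(seen), "distinct_ips": len(set(ips)),
            "changes": changes,
            "max_ttl": max((r[3] for r in seen), default=None)}

def looks_fast_flux(profile, min_ips=5, max_ttl=300, min_change_ratio=0.5):
    """Heuristic only; the thresholds are assumptions to tune per network."""
    if profile["lookups"] < 2:
        return False  # a single answer says nothing about rotation
    ratio = profile["changes"] / (profile["lookups"] - 1)
    return (profile["distinct_ips"] >= min_ips
            and profile["max_ttl"] <= max_ttl
            and ratio >= min_change_ratio)

def pivot_on_ip(rows, ip, exclude=None):
    """Other domains that resolved to the same address in the past."""
    return sorted({r[1] for r in rows if r[2] == ip and r[1] != exclude})

def triage(rows):
    """Flag fast-flux candidates and list domains sharing their hosts."""
    report = {}
    for domain in sorted({r[1] for r in rows}):
        if looks_fast_flux(flux_profile(rows, domain)):
            related = set()
            for ip in {r[2] for r in rows if r[1] == domain}:
                related.update(pivot_on_ip(rows, ip, exclude=domain))
            report[domain] = sorted(related)
    return report
```

Here `triage(OBSERVATIONS)` flags only the rotating domain and links it to the earlier domain that shared one of its hosts, which is the kind of overlap the quoted analysis used to tie the phishing run to Storm.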