More Spam Expected From Google and Microsoft
Continue Reading Add comment October 6th, 2008
No I don’t mean that Google and Microsoft have started to spam people though I do certainly get a lot of messages from both of them.
Posts filed under 'Research'
If Your e-mail Address Starts With A You Get 10% More Spam!
Continue Reading Add comment August 28th, 2008
An interesting article that analyzed spam sent to both real and fake e-mail addresses over an 8 week period which shows that e-mail accounts that start with some letters get more spam than others. (Aardvarks vs. Zebra in the article).
TechRepublic – “Storm Worm: The Energizer Bunny of Botnets”
1 comment August 6th, 2008
Apart from a great title this is a very interesting read on what the Storm Worm is up to these days.
- Shaun
Original article: http://blogs.techrepublic.com.com/networking/?p=620&tag=nl.e102
In the world of botnets, Storm isn’t king anymore, but Storm’s botnet owners aren’t giving up. This article is a reminder by Michael Kassner of the need to remain vigilant and not fall prey to the Storm worm or its relatives.
——————————————————————————————————————-
It appears that the Storm worm is making a comeback. I first made mention of this botnet maker in the article “Kraken: The biggest, baddest botnet yet“, where I explained how Storm was losing its grip as being the largest botnet in history to Kraken and Srizbi as the second largest. Well, Storm developers have added a few new twists to their arsenal and are seeing a resurgence in the size of their botnets. Therefore it’s very important to not become complacent about this type of malware as it relies on social engineering to propagate. I’d like to take a few moments to go over the process so we’re all clear on how the infestation occurs.
How my computer became a zombie
Let’s follow the process of becoming infected with Storm and the after-effects:
- I receive an e-mail informing me that the attachment contains some very important information. Not knowing any better, I open the attachment.
- I was just conned, the attachment has the Storm trojan/bot client hiding in it. My computer is now infected and just became part of a botnet. The scary part is that this all happened without my knowing it.
- What’s worse is that my AV application is useless as Storm’s code changes constantly, so any AV signature is out-of date within an hour.
- My computer now follows the bidding of the “botmaster,” which normally means it’s going to be used to as a spam relay. There are other more malicious activities such as “distributed denial of service attacks” but botnets are usually for hire and spamming is a lucrative business.
That’s one scenario and as botnet malware matures other more sophisticated attack venues are introduced. For instance, the delivery mechanism used by the Storm worm changes regularly. It starts out as PDF spam progressing to links for e-cards or invites to Web sites. The worm developers will try any method possible to entice users to click on a phony link or attachment. The initial e-mail used by Storm also morphs. There are new subject lines and body text that refer to relevant news or issues — any way to subjugate human nature.
The willingness to prey on human nature is why Storm is back in the news. It’s propagating successfully using an e-mail with a subject line of “FBI may strike Facebook” or “The FBI has a new way of tracking Facebook.” It appears that once again the developers have touched on a chord of human nature and are getting a decent infection rate.
Final thoughts
I could spend all sorts of time on the intricacies of how each of the top three botnets work or how successful they are at evading detection, but that wouldn’t help. This article is my regular attempt at making sure all of us are cognizant of the need to be web-savvy, always questioning whether that link or an attachment makes sense. Doing so will go a long way to reducing the amount of spam we receive. This certainly includes me, as I’ve been very close to becoming an unwilling botnet member myself.
——————————————————————————————————————-
Michael Kassner has been involved with wireless communications for 40 plus years, starting with amateur radio (K0PBX) and now as a network field engineer and independent wireless consultant. Current certifications include Cisco ESTQ Field Engineer, CWNA, and CWSP.
Here are more Blog articles on the Storm Worm:
- In the last few weeks I have received several requests for information regarding the Storm Worm. So today I thought I would perform an analysis in my lab on the last Storm Binary (postcard.exe) I retrieved using my Storm Binary Tracking … - The Storm worm first appeared at the beginning of the year, hiding in e-mail attachments with the subject line: “230 dead as storm batters Europe.” Those who opened the attachment became infected, their computers joining an ever-growing … - E-mail pretending to contain information on a fictitious FBI vs. Facebook case contains malicious code for the Storm worm botnet. - The FBI and its partner, the Internet Crime Complaint Center (IC3), have received reports of recent spam e-mails spreading the Storm Worm malicious software, known as malware. These e-mails direct recipients to click on a link to view … - I can barely see anything around me due to all the smoke coming from the smoking guns of who’s what, what’s when, and who’s done what with who, especially in respect to Storm Worm whose multitasking on different fronts in the first … - The Storm Worm-ers seem to be lacking their usual creativity in respect to the usual social engineering attacks taking advantage of the momentum we’re used to seeing. These days they’re not piggybacking on real news items, … - In addition, an IP address related to the University of California in San Diego (UCSD) sticks out, presumably related to their Storm Worm research. I’m not yet sure what all the other IP addresses mean, but presumably all of them are … - The FBI is warning email users of spam email which mentions a link to an FBI vs Facebook news article. Once the user clicks on the link, the Storm Worm malware is downloaded to the Internet-connected device… - A rash of complaints prompted the FBI to issue a warning of a new round of spam e-mails bombarding the Internet to spread the malicious Storm Worm. |
Update of the McAfee S.P.A.M Experiment
Continue Reading Add comment July 2nd, 2008
While McAfee is supposed to release the full report today one mother of three named Tracey Mooney has already talked to Network World and given her version of the experience of being deliberately naive on the Internet for a month. The outcome?
