EmailSafety.net - Hacked GOP site infects visitors with malware

Hacked GOP site infects visitors with malware

Anti-Spam Software

What is Spam?

Spam Laws

Spam Facts

User Tips

Common Email Scams

What Are Visuses?

Virus Prevention Tips

Anti-Virus Software

Basic Tips

Community

You have less than 24 hours to win $10,000 from Cisco

No pastures yet for retiring Cisco CFO Dennis Powell

Jeff Spagnola wrote first post in the new Cisco service provider blog

All security forums

Story tools

Sponsored by:

E-Mail article
Print article
Contact author	Reprint
AIM article	del.icio.us
Reddit	Digg
Stumble	Slashdot It!

This is the first time that Storm has taken to the Web for its victims, said Dan Hubbard, head of research at San Diego-based Websense. "The big news is that Storm has added infecting sites to its arsenal," said Hubbard.

New! Watch this Network World Webcast - Security Information Management Solutions: Beyond Threat Management

Storm debuted in January but only cracked the top malware lists early this summer, and has become infamous for its ability to adapt its infection strategies.

"They have a knack for latching onto the latest newsworthy events and capitalizing on the public interest in them," Symantec researcher Hon Lau said last month. "And if no newsworthy events are happening at the time, then they will just make them up."

Until now, Storm has infected users via files attached to e-mail or through links embedded in spam. The change noticed by Websense's scanners, however, means that Storm's backers have moved to other attack vectors -- in particular, compromised Web sites that sport malicious IFRAMEs. Users visiting such sites are instantly infected with the Trojan if their browsers are not patched against whatever exploit the IFRAME code is throwing out.

According to Hubbard, several hundred sites have been compromised by Storm's makers, then seeded with IFRAMES that can inject the Trojan into vulnerable PCs.

One such site was a Republican Party Web site for the 1st Congressional District of Wisconsin. Within hours after Websense notified the site's owners, however, it had been purged of the dangerous IFRAME code. By mid-morning Friday, it was safe to visit. Hubbard did not know how the site was compromised.

The motive behind Storm's continued attacks, and its expansion into new areas like this, said Hubbard, is a never-ending appetite for bots -- compromised computers that can be used for spamming or other criminal activities, either by the original attackers or by others who lease sections of the botnet.

1 | 2 | Next >

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.

Recent News:

· Feds draw a bead on Russian behind Mega-D botnet
· Ransomware Attack Resurfaces to Hold Files Hostage
· Adobe Reader X Makes PDF Files Safer
· PayPal Users Beware of Holiday Phishing Scam
· McAfee Reports Malware at All-Time High

Site Map | Recent News | Related Sites

Other stories on this topic

Community

Story tools

Sponsored by: