  1. #1
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Storm Virus plagues the Net with Botnets
    Storm Worm Erupts Into Worst Virus Attack In 2 Years
    Storm worm authors are blasting the Internet with two types of attacks, and both are aimed at building up their botnet.

    By Sharon Gaudin
    InformationWeek
    July 24, 2007 04:19 PM


    The Storm worm authors are waging a multi-pronged attack and generating the largest virus attack some researchers say they've seen in two years.
    "We are basically in the midst of an incredibly large attack," said Adam Swidler, a senior manager with security company Postini. "It's the most sustained attack that we've seen. There's been nine to 10 straight days of attack at this level."

    Swidler said in an interview with InformationWeek that the attack started a little more than a week ago, and Postini since then has recorded 200 million spam e-mails luring users to malicious Web sites. Before this attack, an average day sees about 1 million virus-laden e-mails, according to Postini. Last Thursday, however, the company tracked 42 million Storm-related messages in that day alone. As of Tuesday afternoon, Postini researchers were predicting they would see that day between 4 million and 6 million virus e-mails -- 99% of them associated with the Storm worm.

    Read more about this as you promise yourself to never open or send an e-greeting card http://informationweek.com/news/show...leID=201200849
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  2. #2
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Sure it's Affiliates doing the Botnet infestations
    Nice in-depth article on the Storm Virus.... http://isc.sans.org/diary.html?storyid=3063

    Notice any of these names?
    Assuming the file is downloaded and executed. It calls home to 75.126.21.162 (75.126.21.162-static.reverse.kosmohost.net) on port 80/TCP
    36351 | 75.126.21.162 | 75.126.0.0/17 | US | arin | SOFTLAYER - SoftLayer Technologies Inc

    This IP may look familiar to many. It's been doing its bad thing since at least December, 2006.
    And here are a number of domains mapped to this IP that might look familiar

    And finally, here are a few more of the malware hosting servers they've relied on in recent months in addition to the HopOne and Softlayer host above:

    27645 | 205.209.179.15 | 205.209.128.0/18 | US | arin | ASN-NA-MSG-01 - Managed Solutions Group, Inc
    27595 | 216.255.189.214 | 216.255.176.0/20 | US | arin | INTERCAGE - InterCage, Inc
    14361 | 66.148.74.7 | 66.148.64.0/19 | US | arin | HOPONE-DCA - HopOne Internet Corporation
    36351 | 75.126.21.162 | 75.126.0.0/17 | US | arin | SOFTLAYER - SoftLayer Technologies Inc
    36351 | 75.126.226.224 | 75.126.0.0/16 | US | arin | SOFTLAYER - SoftLayer Technologies Inc

    http://isc.sans.org/diary.html?storyid=3063
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  3. #3
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    Not-So-Fun Video Postcard
    A variety of bulletin boards are being spammed with the message to visit mailfreepostcards.com (don't visit that domain!) for a fun video. http://www.symantec.com/enterprise/s...ostcard_1.html


    However, when visiting that site, users are prompted to download an executable. Message board spam is nothing new, but what is different about this message board spam is the spam text is actually integrated into legitimate messages posted by real users.

    Posters are infected with an updated version of Trojan.Mespam, which is downloaded by Trojan.Peacomm. This threat has the ability to watch all your network traffic via a layered service provider (LSP) and when it notices you posting to a bulletin board, it modifies your posting to include the spam text.

    Trojan.Mespam can not only inject text into your outgoing forum posts, but also in Web mail provided by Tiscali, Earthlink, Comcast, Bellsouth, Gmail, Rambler, FastMail, Care2, mail.com, Hotmail, Yahoo, Lycos, AOL, and mail.ru. In addition, the updated threat still injects messages into outgoing instant messages for Gtalk, Yahoo Messenger, AIM, and ICQ.

    The Trojan has the ability to update the message and the URL, so the actual URL will likely change soon—especially as soon as we are able to close down that domain. In the meantime, don't click on unrelated links in forum postings, email, or IM, and definitely avoid executing any files you receive from unsolicited links. If you notice that in your own email, forum postings, or IMs you are sending out odd additional text or URLs, you are likely infected. You can scan your machine using Symantec Security Check.

    http://www.symantec.com/enterprise/s...ostcard_1.html
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"

  4. #4
    ABW Ambassador
    Join Date
    January 18th, 2005
    Location
    Nunya, Business
    Posts
    23,684
    Geno was asking about that the other day, about the greeting card stuff:

    http://forum.abestweb.com/showthread.php?t=92569

    It's been the usual for me, never had too much of a spam problem.

  5. #5
    Life is Supposed to be Fun! Rexanne's Avatar
    Join Date
    January 18th, 2005
    Location
    Los Angeles
    Posts
    12,360
    Yikes - nasty stuff. Thanks for the info Mike!
    Peace,

    Rexanne

    Rexanne.com
    Loving Everyone's Child Creates Magic


  6. #6
    ABW Ambassador
    Join Date
    June 30th, 2007
    Location
    Syracuse, NY
    Posts
    677
    Wow, nasty bug, and now I know why I'm getting all that greeting card spam. Was wondering! LOL

  7. #7
    Resident Genius and Staunch Capitalist Leader's Avatar
    Join Date
    January 18th, 2005
    Location
    Florida
    Posts
    12,817
    I haven't gotten greeting card spam in a while, but I did notice some virus-laden emails coming my way (with non greeting card subjects). I rarely get that kind of emails, so I had wondered what was up...

  8. #8
    Lite On The Do, Heavy On The Nuts Donuts's Avatar
    Join Date
    January 18th, 2005
    Location
    Winter Park, FL
    Posts
    6,930
    i've received thousands of those greeting card spam emails in the last 3 weeks.

    i think the greeting e-card companies will be damaged by these characters.

    the unethical thugs wreak havoc for the rest of us.

  9. #9
    The Seal of Aproval rematt's Avatar
    Join Date
    November 19th, 2006
    Location
    The Windy City
    Posts
    4,140
    As coincidence would have it, I started receiving these around the time of my birthday and opened one thinking it was from a friend or relative. Fortunately Norton caught it before any damage was done. I've now informed my friends and family to send cash instead.

    -rematt
    "I know that you believe you understand what you think I said, but I'm not sure you realize that what you heard is not what I meant." - Richard Nixon

  10. #10
    Affiliate Manager MINDsprinter's Avatar
    Join Date
    August 18th, 2006
    Location
    Washington, DC
    Posts
    1,436
    Makes me happy I have a Mac!
    Jason Rosenbaum
    Affiliate Manager
    MINDsprinting

  11. #11
    Troll Killer and best Snooper!
    I decide when the pigs fly!
    Rhea's Avatar
    Join Date
    January 18th, 2005
    Location
    New York, USA
    Posts
    6,195
    Why hasn't the US government gone after the host? Aren't they breaking the law by disseminating a virus? I just got one with a spoofed epa.gov email addy.

  12. #12
    2005 Linkshare Golden Link Award Winner  ecomcity's Avatar
    Join Date
    January 18th, 2005
    Location
    St Clair Shores MI.
    Posts
    17,328
    http://www.symantec.com/enterprise/s...ostcard_1.html
    "Posters are infected with an updated version of Trojan.Mespam, which is downloaded by Trojan.Peacomm. This threat has the ability to watch all your network traffic via a layered service provider (LSP) and when it notices you posting to a bulletin board, it modifies your posting to include the spam text.

    Trojan.Mespam can not only inject text into your outgoing forum posts, but also in Web mail provided by Tiscali, Earthlink, Comcast, Bellsouth, Gmail, Rambler, FastMail, Care2, mail.com, Hotmail, Yahoo, Lycos, AOL, and mail.ru. In addition, the updated threat still injects messages into outgoing instant messages for Gtalk, Yahoo Messenger, AIM, and ICQ.

    The Trojan has the ability to update the message and the URL, so the actual URL will likely change soon—especially as soon as we are able to close down that domain. In the meantime, don't click on unrelated links in forum postings, email, or IM, and definitely avoid executing any files you receive from unsolicited links. If you notice that in your own email, forum postings, or IMs you are sending out odd additional text or URLs, you are likely infected. You can scan your machine using Symantec Security Check."

    LOL... the wanks at Fastclick throw up a pop-under for some bogus registry scanner/spyware cleaner when visiting Symantec off that link ..just ignore it.

    I'm waiting for some ABW AM with multiple forums posting, open IM programs and e-mail clients getting hit with this Storm worm package. Every contact by all methods will get blasted by them.
    Webmaster's... Mike and Charlie

    "What have you done today to put real value into a referral click...from a shoppers viewpoint!"
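
The self-check in the Symantec text quoted in posts #3 and #12 (look for text or URLs in your sent posts and mail that you did not write) can be automated by comparing a saved draft with the copy the forum or mail server actually stored. The Python below is an added example, not part of the thread or of Symantec's write-up; the function names and sample strings are constructed, and example.com / example.net are placeholder domains.

```python
import difflib
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"""https?://[^\s<>"']+""", re.IGNORECASE)


def _urls_by_host(text):
    """Map lowercase host -> set of URLs found in text."""
    found = {}
    for raw in URL_RE.findall(text):
        url = raw.rstrip(".,;:!?)]")  # drop sentence punctuation glued to the URL
        host = (urlsplit(url).hostname or "").lower()
        if host:
            found.setdefault(host, set()).add(url)
    return found


def audit_post(composed, published):
    """Compare what the user typed with what the server stored.

    Returns (added_hosts, added_text):
      added_hosts - hosts that are linked only in the published copy
      added_text  - word runs that appear only in the published copy
    Whitespace changes (re-wrapping, newline normalisation) are ignored.
    """
    added_hosts = sorted(set(_urls_by_host(published)) - set(_urls_by_host(composed)))
    a, b = composed.split(), published.split()
    matcher = difflib.SequenceMatcher(a=a, b=b, autojunk=False)
    added_text = [
        " ".join(b[j1:j2])
        for tag, _i1, _i2, j1, j2 in matcher.get_opcodes()
        if tag in ("insert", "replace")
    ]
    return added_hosts, added_text


# Constructed sample: a saved draft and the copy later read back from the forum.
DRAFT = "Has anyone tested the new datafeed yet? Docs are at http://example.com/feed."
STORED = (DRAFT + "\nCheck out this fun video postcard "
          "http://postcards.example.net/video.exe")

if __name__ == "__main__":
    hosts, text = audit_post(DRAFT, STORED)
    if hosts or text:
        print("Post was altered in transit.")
        print("  new link hosts:", hosts)
        print("  inserted text :", text)
```

Read the stored copy back from a different machine or network path than the one that submitted it, since a hooked network stack on the sending host can alter what that host sees as well.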
