Storm Worm Malware resurrects posing as Fake YouTube Link
In early August, we had reported about the return of the Storm Worm that was creating havoc all over the Internet. Now, in yet another twist to the Storm Worm nuisance, spammers are using fake YouTube links to trick users into downloading malicious code which could turn their PCs into bots.
The return of the Storm Worm was first detected by IT security company Sophos. It was found that emails containing this malware have a wide variety of subject lines and message texts.
These emails encourage recipients to click on a link to download an online movie that claims the following: “You can see your face right in the video. It’s all over they Web dude. This is the link to it.”
Clicking on this very link sends the victim to a Web page that contains malicious script and a Trojan Horse that has been designed to compromise the user’s PC and turn it into a zombie.
The malicious Web site attempts to install what is known as the Q4Rollup package, which is simply an encrypted collection of around 12 exploits including key loggers, spyware and rootkits.
According to security sleuth Graham Cluley, senior technology consultant for Sophos, “The gang behind these attacks are amongst the most professional we have ever seen- spewing out new variants of their code with multiple guises in their attempt to infect as many PCs as possible.”
However, according to security firm Exploit Prevention Labs, users whose PC’s security patches are up to date as of April 2007, are safe. However, if recipients of the mail get really nosy and inquisitive and click on the link “to see their face in eth video”, this will obviously trigger off the attack manually.
Cluely added, “Sophos recommends that everyone on the Internet treats security as a priority when they use the Web and email, or risk putting their livelihoods at risk.”
RSS |
Permanent Link
|
Del.icio.us
|
Cosmos
|
Digg
|
|
