Apply caution when you get New Year messages in your
mail box! A massive attack of the Storm Worm variant called 'Zhelatin.pt' is underway
with a rather simpler modus operandi, say Security Experts at MicroWorld Technologies.
It
begins with emails arriving with subject line 'Happy New Year' or 'Message for
new year'. The mail body has a web address chosen from a random list that contains
URLs like newyearcards2008.com, newyearwithlove.com, hohoho2008.com, hellosanta2008.com,
happy2008toyou.com and uhavepostcard.com.(Please don't try to access any of these
websites on your computer!)
On these websites, a message is displayed which
reads as, "Your download should begin shortly…….. Click here to
launch the download and press Run. Enjoy!". Clicking the link, a file named
happynewyear2008.exe or happy2008.exe, which carries the worm Zhelatin.pt', is
downloaded into the computer. Once a victim clicks on the downloaded exe, the
Worm drops some files and runs certain services to quickly and silently to make
the computer a part of a large spam relaying network or Botnet.
"Taking
down the websites used in this Worm attack is quite a challenge as all of them
are hosted using a technique called Fast-Flux DNS," says Manoj Mansukhani,
Head - Global Marketing, MicroWorld Technologies. "Fast-Fluxing is a method
where Virus authors deploy a continuously changing network of botnet computers
to act as proxies for hosting harmful websites. To add to it, the Russian domain
name provider where these sites are registered to is closed for the first week
of January, which gives ample time for the criminals behind the worm to make merry!"
The first Zhelatin variant appeared in January 2007 which spread with the
help of mails with a subject line '230 dead as storm batters Europe' and other
socio political events, thereby deriving its popular name - Storm Worm. All mails
carried exe attachments with randomly chosen names that invariably lured recipients
into downloading them.
"Storm Worm is the most successful malware of
its kind with an established botnet of around 3 million compromised computers
worldwide according to some estimates. This network of zombie PCs relays a significant
portion of the spam mail traffic on the Internet today. Unlike most other botnets,
this one does not have a central command but operates using peer-to-peer networks
which makes it practically impossible to dismantle it," Manoj points out.
Users
can protect their computers from Storm Worm by resisting the temptation of clicking
on season's greetings or other messages that require them to visit unknown websites
and to download files, Manoj says. It is also equally important to keep their
AntiVirus and Spam Control systems up-to-date, he adds.
MicroWorld
MicroWorld (www.msspl.co.in ) are
the developers of the world's first Real-Time AntiVirus and Content Security software
eScan for
desktops and servers. Its communication security software, MailScan
is the first comprehensive e-mail scanner for your SMTP/POP3 Mail Server.
MicroWorld Winsock Layer (MWL) is the revolutionary technology
underlying these products, powering them to several certifications and awards
by some of the most prestigious testing bodies, notable among them being Virus
Bulletin, Checkmark, TUCOWS, Red Hat Ready, and Novell Ready. Combining their
powerful scanner with MWL technology, MicroWorld solutions provide a Real-Time
Proactive security for your systems. For network security of enterprises, eConceal
Firewall is the latest powerful offering from MicroWorld.
To learn
more, kindly visit http://www.msspl.co.in
