“Storm Trojan” Illustrated
We’re happy to report that so far today, Peacomm and Mixor.Qactivity is lighter than the maelstrom of activity we’ve seen inprevious days. We’ve noted no new spam runs today, with the malwaresubmissions and activity levels tapering off a bit as well. Phew! OurSecurity Response team in Pune, India, has pulled together a slickFlash-based run through of the attack, which can be viewed using thefollowing URL:
http://www.symantec.com/content/en/us/home_homeoffice/media/flash/peacomm.html
Just a little more info on this threat you may have not heardbefore—it is communicating over peer-to-peer using the Overnet protocoland network (of eDonkey fame). After connecting to the network, thethreat then searches for some particular hashes (searches are done byhash, not by specific filename) and eventually it receives a reply thatincludes some 'meta tag' information. The meta tag information isencrypted and contains information on where/what to download (e.g.Mixor.Q, Trojan.Abwiz.F). You can stay up-to-date on the outbreak alertfor the Storm Trojan by visiting the Threat Advisory Center.
About Security Response Blog
Our security research centers around the world provide unparalleled analysis of and protection from malware, security risks, vulnerabilities, and spam.
Filter by:
Recently on Twitter
- Strange Case of W32.Xpaj.B as Patient Zero http://t.co/8872Zu17 #virus24 May 2012
- A legitimate digitally signed file is misused in order to load #malware on to a computer: http://t.co/wZjNKKCh24 May 2012
- ZTE Score: Privilege of Escalation in a Nutshell http://t.co/Svj5T57F23 May 2012
- #Worm Posts on SNS Sites and Wipes out Rivals http://t.co/RWRIZdzU18 May 2012
- Beware #419 scams taking advantage of the #Facebook IPO: http://t.co/7TPOvR8w18 May 2012