Symantec Blogs: Security Response

Silas Barnes | August 18th, 2008

Seventy-seven megabytes of network traffic, 356 spam emails sent and 10,082 unique IP addresses contacted. All in just under 60 minutes.

This is what a system infected by one recent Storm rootkit pumps out. Since Storm first arrived on the scene in January of last year, it has made headlines throughout the world as one of the most successful and persistent threats currently operating in the wild. At Symantec, our global spam traps caught just under 150,000 Storm-generated emails during June and July this year: 

And the tried-and-true method by which the Storm team successfully infects machines hasn't changed either. It consists of bulk emailing with "interesting" content aimed at enticing the victim into either visiting a Web site or...

Silas Barnes | August 15th, 2008

As expected, the arrival of the 2008 Olympics in Beijing was accompanied by an increase in Olympics-related spam. From fake news to performance-enhancing medication, spammers are taking full advantage of the Games to entice us to click their links and open their attachments.

The majority of the malicious links lead to one of a number of variants of Downloader, Backdoor.Trojan, Infostealer, Trojan.Erotpics and, more recently, Trojan.Pandex. These threats, which use filenames such as get_flash_update.exe, get_flash_codec.exe and install.exe, are entry points for the target install, which is a fake antivirus product.

The tried-and-true method of malicious file delivery for this round is the use of false news stories relating to the Olympics:

This particular link (circled in red in the above...

Silas Barnes | February 29th, 2008

Due to some confusion with this particular threat, we’ve decided to provide some further details on the Orkut worm we blogged on earlier in the week. The worm, recently renamed to W32.Scrapkut, uses active code injection as a vehicle to propagate to the Orkut friends of its unfortunate victim.

Initially, a malicious scrap is posted to the victim’s scrapbook, containing a link to what appears to be a YouTube video:

When a victim clicks on the link, they are redirected to an external site which prompts them to download the file “flashx_player_9.8.0.exe”. For those who read Symantec’s Security Response Blog regularly, you may recognize the page in question:

...