
The Storm Worm Hits Blogger

The Storm Worm is the popular name for a family of malware, properly classified as a Trojan, which has been plaguing the Internet for several months. It started with the widely circulated spam about the storms in Europe, which hit everybody's inboxes earlier this year.

The spam email started out distributing the worm in attachments to the email, and later changed to delivering it from web sites linked in the spam. Symantec: New Storm Front Moving In tells us that the typical email would contain a link to a "secure" web site, and the linked web site would contain the instruction:
"If you do not see the Secure Login Window, please install our Secure Login Applet."


Now, it is being distributed through Blogger, from blogs marketed to those surfing the Blogosphere through the "Next Blog" link.

It can be seen in a Blog*Spot splog farm, with blogs using intriguing titles like "Dying To Live", "Katrina Thanks", and "Rocking Consumption", and posts with titles like "this video rocks" and "not yet seen on MTV". The blog posts then link to a web site which will instruct you to download and execute "video.exe".

Alex Eckelberry of Sunbelt Software says
"This worm is vicious and nasty, and the spams are quite ubiquitous."
and offers a blog post illustrating a typical Blog*Spot infection. Symantec Software describes the email problem as
"one of the largest identified surges in the last several months."

This YouTube video by F-Secure is kind of dry, but it should give you an idea what a problem this attack is becoming.
http://www.youtube.com/v/fm9ikZs5o38

>> (Note): If you go "Next Blog" surfing, watch out for posts like the one illustrated in SunbeltBlog: Storm worm hits Blogger. Any blog that you encounter through "Next Blog" and that suggests a new video requiring you to download and execute any installation program should be immediately suspect. Ditto any similar email.

We are currently trying to determine the exact nature of the blog posts offering the worm, and whether they are
  1. New blogs, created specifically for the purpose of distributing the worm, by the bad guys,
  2. Existing blogs, hijacked by the bad guys, stolen from the legit owner,
  3. Existing blogs, with posts added by the worm, from a hacked computer used by the legit blog owner.
The answer affects how safe you are from blogs published by your friends and from blogs published by strangers. It also affects how safe your own blogs are, should you surf "Next Blog".

Also worth asking is the question
Is the worm spreading through Blogger, or Blog*Spot? Remember, Blogger is not the same as Blog*Spot.


As Avert Labs advises
"McAfee Avert Labs expects the spammers to continue using these types of tactics and it will be imperative that users are educated on how to avoid becoming a victim."
So become educated, as that is the best way to protect yourself.


Comments

Can you make this more clear for newbies to the internet and its jargon? I'm just now learning HTML. This sounds frightful.
Chuck said…
I will see what else I can write, to expand upon this. For your own sake, though, and not just to deal with this post, I advise you to learn to speak the language here. Please.

And it is indeed frightful. Over 1/3 of all blogs are crap like what I'm describing. Go "Next Blog" surfing, and see. But go only if you have a strong stomach, and are not easily upset.
