Hydra-headed 'Storm' attack starts
Web-based attack poses as greeting card, tries three exploits
Computerworld - A new round of greeting-card spam that draws users to visit attack sites relies on a sophisticated multipronged, multiexploit strike force to infect machines, security professionals said late today.
The quick browser status exam in this attack is somewhat similar to one used in a different exploit tracked by Symantec Corp. since Tuesday, but the two are not connected, said Oliver Friedrichs, director of Symantec's security response group. "They're using two different tool kits, but they're both prime examples that exploits against browsers are more and more prevalent," he said.
Today's greeting-card gambit tries a trio of exploits, moving on to the second if the machine is not vulnerable to the first, then on to the third if necessary. The first is an exploit against a QuickTime vulnerability; the second is an attack on the popular WinZip compression utility; and the third, dubbed "the Hail Mary" by the ISC, is an exploit for the WebViewFolderIcon vulnerability in Windows that Microsoft Corp. patched last October.
"Every Storm-infected system is potentially capable of hosting the malware and sending the spam, but only a few will be used in any given run," said the alert, "depending on how many e-mails they want sent and how many Web hits they're expecting."
Hackers haven't abandoned the practice of attaching malware to e-mail, then counting on naive users to open the file, said Friedrichs. But malware-hosting sites are the trend. "It's much more difficult to send a full malicious file," he said, because of users' learned reluctance to open suspicious files and filtering and blocking tactics by security software.
- Enable secure remote access to 3D data without sacrificing visual perfomance Design and manufacturing companies must adapt quickly to the demands of an increasingly global and competitive economy. To speed time to market for...
- Virtually Delivered High Performance 3D Graphics "A picture is worth a thousand words." That old phrase is as true today as it ever was. Pictures (i.e., those with heavy...
- Best Practices for Securing Hadoop Historically, Apache Hadoop has provided limited security capabilities. To protect sensitive data being stored and analyzed in Hadoop, security architects should use a...
- Top Tips for Securing Big Data Environments: Why Big Data Doesn't Have to Mean Big Security Challenges Organizations must come to terms with the security challenges they introduce. As big data environments ingest more data, organizations will face significant risks...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Responding to New SSL Cybersecurity Threat The featured Gartner research examines current strategies to address new SSL cybersecurity threats and vulnerabilities. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!