Hydra-headed 'Storm' attack starts
Web-based attack poses as greeting card, tries three exploits
Computerworld - A new round of greeting-card spam that draws users to visit attack sites relies on a sophisticated multipronged, multiexploit strike force to infect machines, security professionals said late today.
The quick browser status exam in this attack is somewhat similar to one used in a different exploit tracked by Symantec Corp. since Tuesday, but the two are not connected, said Oliver Friedrichs, director of Symantec's security response group. "They're using two different tool kits, but they're both prime examples that exploits against browsers are more and more prevalent," he said.
Today's greeting-card gambit tries a trio of exploits, moving on to the second if the machine is not vulnerable to the first, then on to the third if necessary. The first is an exploit against a QuickTime vulnerability; the second is an attack on the popular WinZip compression utility; and the third, dubbed "the Hail Mary" by the ISC, is an exploit for the WebViewFolderIcon vulnerability in Windows that Microsoft Corp. patched last October.
"Every Storm-infected system is potentially capable of hosting the malware and sending the spam, but only a few will be used in any given run," said the alert, "depending on how many e-mails they want sent and how many Web hits they're expecting."
Hackers haven't abandoned the practice of attaching malware to e-mail, then counting on naive users to open the file, said Friedrichs. But malware-hosting sites are the trend. "It's much more difficult to send a full malicious file," he said, because of users' learned reluctance to open suspicious files and filtering and blocking tactics by security software.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts