Tibs - Ways of Action

Ways of Action

    "During our tests we saw an infected machine sending a burst of almost 1,800 emails in a five-minute period and then it just stopped."
    Amado Hidalgo, a researcher with Symantec's security response group

Originally propagated in messages about European windstorm Kyrill, the Storm Worm has also been seen in emails with the following subjects:

  • A killer at 11, he's free at 21 and kill again!
  • U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
  • British Muslims Genocide
  • Naked teens attack home director.
  • 230 dead as storm batters Europe.
  • Re: Your text
  • Radical Muslim drinking enemies's blood.
  • Chinese/Russian missile shot down Russian/Chinese satellite/aircraft
  • Saddam Hussein safe and sound!
  • Saddam Hussein alive!
  • Venezuelan leader: "Let's the War beginning".
  • Fidel Castro dead.
  • If I Knew
  • FBI vs. Facebook

When an attachment is opened, the malware installs the wincom32 service and injects a payload, passing on packets to destinations encoded within the malware itself. According to Symantec, it may also download and run the Trojan.Abwiz.F trojan and the W32.Mixor.Q@mm worm. The Trojan piggybacks on the spam with names such as "postcard.exe" and "Flash Postcard.exe," with more changes from the original wave as the attack mutates. Some of the known attachment names include:

  • Postcard.exe
  • ecard.exe
  • FullVideo.exe
  • Full Story.exe
  • Video.exe
  • Read More.exe
  • FullClip.exe
  • GreetingPostcard.exe
  • MoreHere.exe
  • FlashPostcard.exe
  • GreetingCard.exe
  • ClickHere.exe
  • ReadMore.exe
  • FullNews.exe
  • NflStatTracker.exe
  • ArcadeWorld.exe
  • ArcadeWorldGame.exe

Later, as F-Secure confirmed, the malware began spreading with subjects such as "Love birds" and "Touched by Love". These emails contain links to websites hosting some of the following files, which are confirmed to contain the virus:

  • with_love.exe
  • withlove.exe
  • love.exe
  • frommetoyou.exe
  • iheartyou.exe
  • fck2008.exe
  • fck2009.exe
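
A mail-gateway style check built from the two file-name lists above, as an added example that is not part of the original page: it parses a message with Python's standard email module and flags attachments or linked downloads whose normalised name matches. The sample message, the example.invalid host and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# File names from the two lists on this page, stored normalised
# (lower case, no spaces or underscores) so spelling variants collapse.
ATTACHED = set("""postcard.exe ecard.exe fullvideo.exe fullstory.exe video.exe
readmore.exe fullclip.exe greetingpostcard.exe morehere.exe flashpostcard.exe
greetingcard.exe clickhere.exe fullnews.exe nflstattracker.exe arcadeworld.exe
arcadeworldgame.exe""".split())
LINKED = set("""withlove.exe love.exe frommetoyou.exe iheartyou.exe
fck2008.exe fck2009.exe""".split())
URL_RE = re.compile(r"https?://[^\s\"'<>]+")

def normalise(name: str) -> str:
    """Basename, lower-cased, with spaces/underscores/hyphens removed."""
    base = re.split(r"[\\/]", name)[-1]
    return re.sub(r"[\s_\-]+", "", base).lower()

def scan(raw: str) -> list[tuple[str, str]]:
    """Return (kind, value) findings for one RFC 5322 message."""
    findings = []
    for part in message_from_string(raw).walk():
        filename = part.get_filename()  # decodes RFC 2231/2047 names
        if filename and normalise(filename) in ATTACHED | LINKED:
            findings.append(("attachment", filename))
        elif part.get_content_maintype() == "text":
            charset = part.get_content_charset() or "utf-8"
            body = part.get_payload(decode=True).decode(charset, "replace")
            for url in URL_RE.findall(body):
                path = url.split("?", 1)[0].split("#", 1)[0]
                if normalise(path) in LINKED | ATTACHED:
                    findings.append(("link", url))
    return findings

def sample_message() -> str:
    """Constructed test message; example.invalid is a placeholder host."""
    msg = EmailMessage()
    msg["Subject"] = "Love birds"
    msg.set_content("Open http://example.invalid/cards/with_love.exe today")
    msg.add_attachment(b"MZ", maintype="application",
                       subtype="octet-stream", filename="Full Story.EXE")
    return msg.as_string()

if __name__ == "__main__":
    for kind, value in scan(sample_message()):
        print(kind, value)
```

Name matching only catches the waves listed here; since the page notes the names change as the attack mutates, a gateway would normally pair this with a blanket block on executable attachments.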

According to Joe Stewart, director of malware research for SecureWorks, Storm remains amazingly resilient, in part because the Trojan horse it uses to infect systems changes its packing code every 10 minutes, and, once installed, the bot uses fast flux to change the IP addresses for its command and control servers.
