Blogs being infected by Storm Worm

A new variant of the Storm Worm Trojan is infecting various:

  • Blogs
  • Web mail
  • Web-based message forums

The number of PCs infected by it is on the rise.

ORIGIN
The worm is also known as the ‘Small.DAM’ Trojan. It was first seen in the U.S. in mid-January. It originated somewhere in Europe.

MODES OF INFECTION
1- By e-mail: The infected e-mail contains a link which, when clicked, downloads a series of malware components onto the victim’s computer.
2- Once a computer is infected, the worm is able to further inject itself into the network as a rootkit.

After infecting a PC, the Storm Worm analyzes all outbound Web traffic. When someone with an infected PC sends a message with Hotmail, Gmail, or Yahoo! Mail, or posts a message to an online forum or blog, the Trojan is actually able to add text to the entry or message. The Storm Worm adds a ‘Have you seen this?’ link along with another link to what appears to be a video. If anyone proceeds to click on that link, their computer will become infected.

Thousands of entries on various blogs have been observed to be posted from computers infected with the worm. These postings spread the worm further through unsuspecting readers.

Thousands of privately owned computers have been affected in the U.S. Most users do not notice any suspicious Trojan activity on their PCs.
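
Blog and forum operators can search stored posts for the injected text described above. The following Python filter is an added example, not part of the original article: it flags posts in which the ‘Have you seen this?’ lure is followed shortly by a link. The 200-character window, the link patterns and the sample posts are assumptions constructed for illustration.

```python
import html
import re

# Lure text as quoted in the article; the link patterns below are assumptions.
LURE = re.compile(r"have\s+you\s+seen\s+this\s*\?", re.IGNORECASE)
LINK = re.compile(r"""<a\s[^>]*href\s*=\s*["']?([^"'\s>]+)|(https?://[^\s<>"']+)""",
                  re.IGNORECASE)
WINDOW = 200  # assumed: how many characters after the lure to search for a link


def normalize(text):
    """Decode HTML entities and fold typographic quotes and NBSP to ASCII."""
    text = html.unescape(text)
    return text.translate({0x2018: "'", 0x2019: "'", 0x201C: '"',
                           0x201D: '"', 0xA0: " "})


def find_injected_links(body):
    """Return URLs that appear within WINDOW characters after the lure phrase."""
    text = normalize(body)
    hits = []
    for lure in LURE.finditer(text):
        tail = text[lure.end():lure.end() + WINDOW]
        for link in LINK.finditer(tail):
            url = link.group(1) or link.group(2)
            if url not in hits:
                hits.append(url)
    return hits


def triage(posts):
    """Map post id -> suspicious URLs, only for posts that match."""
    flagged = {}
    for post_id, body in posts.items():
        urls = find_injected_links(body)
        if urls:
            flagged[post_id] = urls
    return flagged


# Constructed sample posts (not real data).
SAMPLE_POSTS = {
    101: "Great write-up, thanks for sharing!",
    102: 'Nice post. Have you seen this? <a href="http://video.example/clip">video</a>',
    103: "My reply...\n\nhave you seen this?\nhttp://203.0.113.7/",
    104: "Have you seen this? I mean the new release notes.",
    105: "Docs: http://docs.example/ later: &lsquo;Have you seen this?&rsquo; no link",
}

if __name__ == "__main__":
    for pid, urls in triage(SAMPLE_POSTS).items():
        print(pid, urls)
```

A match is a lead for review rather than proof of infection, since a person can type the same phrase and paste a link by hand.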

PROTECTION
1- The best way users can protect themselves is to refrain from clicking on such links.

2- Antivirus products from the following developers can successfully detect the worm:

  • Authentium
  • BitDefender
  • ClamAV
  • eSafe
  • F-Prot
  • Kaspersky
  • Norman
  • Sophos
  • VirusBuster
