A Websense Security Lab blog posting on Tuesday reported that new messages being generated by Storm's army of zombie computers contain links that are infected at the root level (such as http://IP address), which enables medical spam sites linked to the messages to evade spam filters.
The Websense blog posted samples of the new Storm messages, which are formatted with an IP address and a short random directory name, with subject lines including, “You won't spend too much for these meds!” A link contained in the message sends the recipient to a bogus professional-looking medical site called “Canadian Pharmacy, #1 Internet Online Drugstore.”
Earlier this month, the Storm worm trojan continued its holiday-themed onslaught – first seen in fake Christmas and New Year's messages – with a massive wave of “love” notes that attempt to deliver malicious code to a recipient's PC.
Researchers at Sophos said the Valentine-inspired attack metastasized this month to the point where it was making up almost eight percent of overall email traffic.
The Valentine-themed email blitz came on the heels of two phishing attacks on major international banks that are believed to have been mounted using the Storm botnet, the first such assault on the financial sector emanating from the Storm network, which many researchers believe originated in Russia.
The Fortinet Global Security Research team reported that attackers first targeted Barclays bank, and then shut down their bogus Barclays phishing site on detection by Fortinet and mounted a new attack on Halifax Bank customers, according to Guillaume Lovet, Fortinet Threat Response Team manager.
See original article on scmagazineus.com
Storm makes house calls: New messages lead to bogus medical sites, evade filters
By Jack Rogers on Jan 31, 2008 10:47AM