Posted by Virus Bulletin on Sep 10, 2007
419 fighters attacked - NFL and TOR latest spam hooks.
The massive botnet amassed by the 'Storm' (Zhelatin/Nuwar/Dorf/etc.) attack continues to target new victims, with the TOR online anonymity system and the start of the NFL season in the US the latest social engineering tactics to trick spam recipients into installing the trojans. Over the weekend, the zombie network, thought to include over a million compromised systems, has been put to use attacking sites dedicated to combating online scams, such as the infamous '419' (a.k.a. 'Letter From Nigeria') scam.
Emails hitting inboxes last week claimed to be promoting TOR's software for secure and anonymous online communication, with links as usual leading to trojans rather than the genuine software. Over the weekend, the attack has retargeted itself to use the start of the NFL season, using accurate game information and stats to lure users into downloading a free 'game-tracker' tool, which again is in fact Storm malware.
The steadily growing botnet is rumoured to be available for hire for a variety of nefarious purposes. Late last week and over the weekend heavy DDoS bombardments have been hitting a string of anti-scam sites, including 419Eater, Scamwarners and Artists against 419 (all of which were offline at the time of writing). A report on Spamnation.info, which like other anti-spam sites such as Spamhaus has been subjected to attack by the Storm botnet in the past, attributes this latest attack to the same source.
The Spamnation report is here. Details and screenshots of the latest email bombardments are at F-Secure here and here.
Posted on 10 September 2007 by Virus Bulletin
