Storm worm: massive spam attack
A massive spam outbreak that tries to trick recipients into opening a file attachment that can hijack their computers has already broken records, security companies said today. According to researchers at Postini Inc., the spam run is the largest in the last 12 months, and more than three times the volume of the two biggest in recent memory: a pair of blasts in December and January. “We’re seeing 50 to 60 times the normal volume of spam,” said Adam Swidler, senior manager of solutions marketing at Postini.
Arriving with subject headings touting Worm Alert!, Worm Detected, Spyware Detected!, Virus Activity Detected!, the spam carries a ZIP file attachment posing as a patch necessary to ward off the bogus attack. The ZIP file, which is password protected — the password is included in the message to further dupe recipients — actually contains a variant of the “Storm Trojan” worm (also known as “Peacomm”), which installs a rootkit to cloak itself, disables security software, steals confidential information from the PC and adds it to a bot army of compromised computers.
There’s little funny about the attack. “We’re seeing both a very high volume of spam and a self-replicating worm,” said Swidler. “This combination is kind of sophisticated. It’s technically sophisticated in how they package the payload, but also in how they’re trying to fool users into clicking on the attachment.”
Postini has already counted nearly 5 million copies of the spam in the last 24 hours, and calculated that the run currently accounts for 87% of all malware being spread through e-mail. Spam rates have jumped as well; Postini said 79% of all e-mail is now spam, while rival MessageLabs Ltd. reported a 13% jump in spam’s slice of all messages in just one hour. “Expect this to grow much larger,” Swidler said. “It should top out at 60 million messages within the next 24 hours.” Worse, the malware bundled with the spam is self-replicating, so it’s able to sniff out e-mail addresses on infected PCs and send copies of itself to those recipients.
Some antivirus products had trouble detecting this virus: both NOD32 and Kaspersky, which are often rated as the best products in this category, somehow failed to identify infected emails…
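A mail-filter check for the pattern the article describes (a lure subject plus a password-protected ZIP, which a scanner cannot unpack without the password), as an added example that is not part of the original post. The function names, the sample message and its password are constructed for illustration, and the sample only sets the ZIP "encrypted" flag instead of carrying really encrypted data.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

# Subject lines quoted in the article.
LURE_SUBJECTS = {"worm alert!", "worm detected", "spyware detected!",
                 "virus activity detected!"}

def triage(raw_message):
    """Return the reasons a mail filter might quarantine this message."""
    msg = message_from_bytes(raw_message)
    reasons = []
    if (msg["Subject"] or "").strip().lower() in LURE_SUBJECTS:
        reasons.append("lure subject")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                # General-purpose flag bit 0 marks a member as encrypted.
                locked = [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
        except zipfile.BadZipFile:
            reasons.append("unreadable zip")
            continue
        if locked:
            reasons.append("encrypted zip: " + ", ".join(locked))
    return reasons

def build_sample(encrypted):
    """Constructed message with a one-member ZIP; no real malware involved."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo("patch.exe", date_time=(2007, 1, 1, 0, 0, 0))
        zf.writestr(info, b"constructed placeholder bytes")
    data = bytearray(buf.getvalue())
    if encrypted:
        # zipfile cannot write encrypted archives, so set flag bit 0 by hand:
        # offset 6 in the local header, offset 8 in the central directory entry.
        for signature, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            data[data.find(signature) + offset] |= 0x01
    msg = EmailMessage()
    msg["Subject"] = "Worm Alert!"
    msg.set_content("Install the attached patch. Password: 12345")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="patch.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample(encrypted=True)))
```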

I thought it affects all OSs until I looked up the details.
This is (another) Windows related security issue.
If you use Linux, BSD, Solaris, Mac OSX, etc…You can safely ignore this, it doesn’t concern you.
if you have brains this doesn’t concern you ffs
Whoa?! I can add inches just by reading the attachment?! I’m in!!
Hrm…. okay when was the last time that zip files could have passwords on them ? not on the gnu zip, that’s for sure.
$ zip -h
Copyright (C) 1990-1998 Mark Adler, Richard B. Wales, Jean-loup Gailly,
Onno van der Linden, and Chris Herborth.
Type 'zip -L' for the software License.
Zip 2.3i BETA (December 5th 1998). Usage:
zip [-options] [-b path] [-t mmddyyyy] [-n suffixes] [zipfile list] [-xi list]
  The default action is to add or replace zipfile entries from list, which
  can include the special name - to compress standard input.
  If zipfile and list are omitted, zip compresses stdin to stdout.
  -f   freshen: only changed files  -u   update: only changed or new files
  -d   delete entries in zipfile    -m   move into zipfile (delete files)
  -r   recurse into directories     -j   junk (don't record) directory names
  -0   store only                   -l   convert LF to CR LF (-ll CR LF to LF)
  -1   compress faster              -9   compress better
  -q   quiet operation              -v   verbose operation/print version info
  -c   add one-line comments        -z   add zipfile comment
  -@   read names from stdin        -o   make zipfile as old as latest entry
  -x   exclude the following names  -i   include only the following names
  -F   fix zipfile (-FF try harder) -D   do not add directory entries
  -A   adjust self-extracting exe   -J   junk zipfile prefix (unzipsfx)
  -T   test zipfile integrity       -X   eXclude eXtra file attributes
  -y   store symbolic links as the link instead of the referenced file
  -R   PKZIP recursion (see manual)
  -h   show this help               -n   don't compress these suffixes
zip files have nearly always been able to be password protected.
from back in the days of pkzip to today where there are thousands of compression and decompression software titles which handle zip files.
Hrm well, surprising.
“ZIP supports a simple password-based symmetric encryption system which is known to be seriously flawed.”
http://en.wikipedia.org/wiki/ZIP_%28file_format%29
Mr. X, 99.9% of the computer users have never heard of gzip.
It is, was, and still is a cheap open source shitty copy of the original 1987 Winzip for Dos (which had password protection back then). I like opensource software but they should at least make it as good or better than the original they are trying to copy (ripoff). Gzip is unreliable shit as a lot of Unix and linux users have found to their peril.
gzip, yeah I think it sucks. why have a .tar.gz and xzf when you can have just unzip file.zip ?
As long as people in the software world DON’T understand that they can’t OPEN everything that they DON’T have a clue about they are going to be infected for sure.
Well this sucks, no matter how much I put my email address to put suspected spam in the trash, it’s still in my main email window.. goddamn ISPs support the damn ad-companies.
Mr. X, I don’t know what zip archiver comes with your distribution, but Info-ZIP comes with Ubuntu, which supports encryption. Info-ZIP (bsd licensed) is actually used as the basis for Winzip, Powerarchiver, and others.