
It’s getting pretty hectic out here in Internetland. Remember the Storm trojan I mentioned mere days ago? Well, from the looks of it, the same group of hackers responsible for the upkeep and distribution of the e-mail version of the Storm trojan has another trick up its sleeve. This trick has to do with Google’s Blogger posting tool: the hackers post fake entries to compromised Blogger pages, so links to websites that install malicious software are showing up on blogs all over the Net.
The malicious software is basically the same as what has circulated in the Storm trojan e-mails. Once installed, it assimilates the infected computer into a hacker’s botnet for a number of purposes. For one, an infected computer could be mined for all kinds of data, or it could be used for other brute force attacks. To expand on the former: if the PC held any information about Blogger accounts, that information would almost certainly be used to propagate the fake postings even further. Eventually, another user would get infected somehow, and the cycle would continue.
Of course, this goes beyond the capabilities of the Storm trojan. It extends to the capabilities of the hackers themselves; the virus is constantly being updated to evade anti-virus programs, and its content keeps changing. The Storm trojan got its name from one of the original payloads: it would mention the severe storms in Europe back in January, when the trojan started to spread, but the messages and posts have been changed to fit the current news, so it’s pretty inconspicuous. The fact that they’ve extended the attacks into such an application as Blogger is even more unsettling.
I really wish I had some good news, but from what it looks like, we are on our own for this. The best advice I can give you is to watch what you click on: I’m sure I don’t have to tell you how fishy it looks for a digital greeting card to automatically install software on your PC…
Picture courtesy of: Blogger
There have been a lot of greeting cards arriving in my mailbox. I always deleted them without opening. Is that one of these trojans?
It’s possible. The card itself is just a way to get unsuspecting users to install the software they think they’ll need to view it; in reality, the download contains the Storm trojan.
If you aren’t expecting any cards, I would do just what you have and delete them right on the spot. Everything I’ve seen says this is just a nasty bug to deal with.