0 Replies Latest reply on Jan 11, 2008 9:21 AM by HarryWaldron

    Storm Worm - Phishing attacks from the Botnet

      F-Secure shares an analysis of how the Storm Worm botnet might be used in hosting a phishing attack to gain sensitive privacy or bank account information.

      Storm Worm - Phishing attacks from the Botnet
      http://www.f-secure.com/weblog/archives/00001359.html

      QUOTE: Last night there was a phishing run. The IP address of the site was changing every second or so. The server was an active fast flux site and was hosted within a botnet. Interestingly, when we picked out a random IP address from the list and resolved that address to other sites hosted in the past, we found something familiar (e.g., hellosanta2008 and postcards-2008).

      This sounds like Storm. So somebody is now using machines infected with and controlled by Storm to run phishing scams. We haven't seen this before. October brought evidence of Storm variations using unique security keys. The unique keys will allow the botnet to be segmented allowing "space for rent". It looks as if the Storm gang is preparing tosell access to their botnet.