Storm DDoS hits anti-scam sites

Posted by Virus Bulletin on Sep 10, 2007

419 fighters attacked - NFL and TOR latest spam hooks.

The massive botnet amassed by the 'Storm' (Zhelatin/Nuwar/Dorf/etc.) attack continues to target new victims, with the TOR online anonymity system and the start of the NFL season in the US the latest social engineering tactics to trick spam recipients into installing the trojans. Over the weekend, the zombie network, thought to include over a million compromised systems, has been put to use attacking sites dedicated to combating online scams, such as the infamous '419' (a.k.a. 'Letter From Nigeria') scam.

Emails hitting inboxes last week claimed to be promoting TOR's software for secure and anonymous online communication, with links as usual leading to trojans rather than the genuine software. Over the weekend, the attack has retargeted itself to use the start of the NFL season, using accurate game information and stats to lure users into downloading a free 'game-tracker' tool, which again is in fact Storm malware.

The steadily growing botnet is rumoured to be available for hire for a variety of nefarious purposes. Late last week and over the weekend, heavy DDoS bombardments have been hitting a string of anti-scam sites, including 419Eater, Scamwarners and Artists against 419 (all of which were offline at the time of writing). A report on Spamnation, which like other anti-spam sites such as Spamhaus has been subjected to attack by the Storm botnet in the past, attributes this latest attack to the same source.

The Spamnation report is here. Details and screenshots of the latest email bombardments are at F-Secure here and here.
