Storm DDoS hits anti-scam sites

Posted by   Virus Bulletin on   Sep 10, 2007

419 fighters attacked - NFL and TOR latest spam hooks.

The massive botnet amassed by the 'Storm' (Zhelatin/Nuwar/Dorf/etc.) attack continues to target new victims, with the TOR online anonymity system and the start of the NFL season in the US the latest social engineering tactics to trick spam recipients into installing the trojans. Over the weekend, the zombie network, thought to include over a million compromised systems, has been put to use attacking sites dedicated to combating online scams, such as the infamous '419' (a.k.a. 'Letter From Nigeria') scam.

Emails hitting inboxes last week claimed to be promoting TOR's software for secure and anonymous online communication, with links as usual leading to trojans rather than the genuine software. Over the weekend, the attack has retargeted itself to use the start of the NFL season, using accurate game information and stats to lure users into downloading a free 'game-tracker' tool, which again is in fact Storm malware.

The steadily growing botnet is rumoured to be available for hire for a variety of nefarious purposes. Late last week and over the weekend heavy DDoS bombardments have been hitting a string of anti-scam sites, including 419Eater, Scamwarners and Artists against 419 (all of which were offline at the time of writing). A report on, which like other anti-spam sites such as Spamhaus has been subjected to attack by the Storm botnet in the past, attributes this latest attack to the same source.

The Spamnation report is here. Details and screenshots of the latest email bombardments are at F-Secure here and here.

Posted on 10 September 2007 by Virus Bulletin



Latest posts:

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

VB2021 localhost is over, but the content is still available to view!

VB2021 localhost - VB's second virtual conference - took place last week, but you can still watch all the presentations.

VB2021 localhost call for last-minute papers

The call for last-minute papers for VB2021 localhost is now open. Submit before 20 August to have your paper considered for one of the slots reserved for 'hot' research!

New article: Run your malicious VBA macros anywhere!

Kurt Natvig explains how he recompiled malicious VBA macro code to valid harmless Python 3.x code.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.