Storm DDoS hits anti-scam sites

Posted by   Virus Bulletin on   Sep 10, 2007

419 fighters attacked - NFL and TOR latest spam hooks.

The massive botnet amassed by the 'Storm' (Zhelatin/Nuwar/Dorf/etc.) attack continues to target new victims, with the TOR online anonymity system and the start of the NFL season in the US the latest social engineering tactics to trick spam recipients into installing the trojans. Over the weekend, the zombie network, thought to include over a million compromised systems, has been put to use attacking sites dedicated to combating online scams, such as the infamous '419' (a.k.a. 'Letter From Nigeria') scam.

Emails hitting inboxes last week claimed to be promoting TOR's software for secure and anonymous online communication, with links as usual leading to trojans rather than the genuine software. Over the weekend, the attack has retargeted itself to use the start of the NFL season, using accurate game information and stats to lure users into downloading a free 'game-tracker' tool, which again is in fact Storm malware.

The steadily growing botnet is rumoured to be available for hire for a variety of nefarious purposes. Late last week and over the weekend heavy DDoS bombardments have been hitting a string of anti-scam sites, including 419Eater, Scamwarners and Artists against 419 (all of which were offline at the time of writing). A report on, which like other anti-spam sites such as Spamhaus has been subjected to attack by the Storm botnet in the past, attributes this latest attack to the same source.

The Spamnation report is here. Details and screenshots of the latest email bombardments are at F-Secure here and here.

Posted on 10 September 2007 by Virus Bulletin



Latest posts:

In memoriam: Prof. Ross Anderson

We were very sorry to learn of the passing of Professor Ross Anderson a few days ago.

In memoriam: Dr Alan Solomon

We were very sorry to learn of the passing of industry pioneer Dr Alan Solomon earlier this week.

New paper: Nexus Android banking botnet – compromising C&C panels and dissecting mobile AppInjects

In a new paper, researchers Aditya K Sood and Rohit Bansal provide details of a security vulnerability in the Nexus Android botnet C&C panel that was exploited in order to gather threat intelligence, and present a model of mobile AppInjects.

New paper: Collector-stealer: a Russian origin credential and information extractor

In a new paper, F5 researchers Aditya K Sood and Rohit Chaturvedi present a 360 analysis of Collector-stealer, a Russian-origin credential and information extractor.

VB2021 localhost videos available on YouTube

VB has made all VB2021 localhost presentations available on the VB YouTube channel, so you can now watch - and share - any part of the conference freely and without registration.

We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.