Storm Botnet Celebrates Birthday With Fireworks
The Basics
I read about MX Logic's prediction this morning (www.computerworld.com/action/article.do) that we should expect another wave of Storm Bot recuitment emails likely using the US Independence Day holiday as a lure. This group behind the Storm Botnet has always been concious of timing and shortly after 5pm Eastern time I began to receive reports that a new wave had started.
There's nothing very different about this one, it directs the user to click on a link that encourages the intended victim to download fireworks.exe.
Gary Warner has a nice starter collection of Subjects, Bodies, and hosting IPs for those who need to set up blocks and filters available here: garwarner.blogspot.com/2008/07/storm-worm-salutes-our-nation-on-4th.html I'm sure that the list will continue to grow. I'd recommend that you play it safe by blocking all attemtps to download fireworks.exe at your perimeter (your environment may vary, but I can't see any business justification for any executables named fireworks to be downloaded by my users-- I know "Kevin is no fun.")
Fireworks of Fireworks.exe
Russ McRee did a nice little write-up and visualization of the bots traffic. I think it's prettier than what the lure-video promised. It's available here: holisticinfosec.blogspot.com/2008/07/visualized-storm-fireworks-for-your-4th.html
So What?
A reader wrote in asking: "I am interested to know, how it is possible, that the storm worm is still able to be such a threat, that ISC needs to report about it?"
Great question.
My morning pre-caffein answer:
I don't consider these Storm Bot-net waves to be so much of a threat-- I consider them like an EICAR for an organization's incident response process. If your security policies and incident response procedures are having difficulty with this kind of event, they both need some assistance and re-tooling.
Comments
www
Nov 17th 2022
6 months ago
EEW
Nov 17th 2022
6 months ago
qwq
Nov 17th 2022
6 months ago
mashood
Nov 17th 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Nov 23rd 2022
6 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
isc.sans.edu
Dec 3rd 2022
5 months ago
<a hreaf="https://technolytical.com/">the social network</a> is described as follows because they respect your privacy and keep your data secure. The social networks are not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go.
<a hreaf="https://technolytical.com/">the social network</a> is not interested in collecting data about you. They don't care about what you're doing, or what you like. They don't want to know who you talk to, or where you go. The social networks only collect the minimum amount of information required for the service that they provide. Your personal information is kept private, and is never shared with other companies without your permission
isc.sans.edu
Dec 26th 2022
5 months ago
isc.sans.edu
Dec 26th 2022
5 months ago