TAKE CARE WITH NEWS AND GREETING CARD ATTACHMENTS

10 August 2007

Storm wave is biggest email attack on the Internet in years

Be careful of those emails with breaking news or e-greeting card attachments which are becoming increasingly common and could bring more grief than information or good wishes. Researchers are reporting huge volumes of virus-laden material arriving in email in-boxes everywhere.

Information Week reports that the chief culprit is the Storm worm, which has apparently grown into a prolonged online siege 10 times larger than any other e-mail attack in the last two years, assembling a criminal botnet of nearly 2 million computers that researchers fear may be used for extortionate Distributed Denial of Services assaults.

Between July 16 and Aug. 1, researchers at software security firm Postini have recorded 415 million spam e-mails luring users to malicious Web sites, according to Adam Swidler, a senior manager with Postini.

Before the Storm worm began its attack, an average day saw about 1 million virus-laden e-mails crossing the Internet. On July 19, Postini recorded 48.6 million and on July 24, researchers tracked 46.2 million malicious messages - more than 99 percent of them bearing the Storm worm.

Researchers at SecureWorks are seeing similar staggering numbers too, reports Information Week.

Joe Stewart, a senior security researcher at SecureWorks, noted that the number of zombie computers that the Storm worm authors have amassed has skyrocketed in the past month. From the first of January to the end of May, the security company noted that there were 2 815 bots launching the attacks. By the end of July, that number had leapt of 1.7 million.

"It's really gotten enormous," said Stewart. "It's been building with exponential growth. It's one of the largest botnets I've ever heard of."

Both Stewart and Swidler said they think the Storm worm authors are cultivating such an enormous botnet to do more than simply send out increasing amounts of spam. All of the bots are set up to launch denial-of-service (DoS) attacks and they fear that may be the intention.

Denial-of-service attacks - sometimes called DoS - are designed to pound each computer with countless questions that flood its ability to respond, effectively taking the machine and its network down.

"When a computer is added to a botnet, without the owner even knowing it, it becomes a platform for issuing further attacks," said Swidler. "I shudder to think should they turn this botnet on an organization... It's harnessing the benefits of the grid computing architecture for evil purposes."

Stewart added that the botnet has been launching small DoS attacks, but only a small percentage of the botnet has been used for it and the attacks have only been directed at seemingly random IP addresses or small organizations. A large directed attack could be much different.

"At any time, the botnet could launch a massive attack at anyone. We're wondering if it's being geared up for some sort of large scale attack," said Stewart. "Who couldn't they take offline with all the computers in this botnet?.. They could take a small country out."

This past May, Estonia, a country in Eastern Europe, was hammered with a DoS attack from a botnet. Swidler said he believes there's a good chance that the Storm worm authors were behind the Estonia attacks.

SecureWorks is warning IT managers and home users that they need to be aware of the scams connected to the Storm worm, which include e-mails with links leading to fake e-cards and news stories highlighting catastrophic events.

Bottom line - be extremely cautious and alert when receiving attachments to emails.

Online Casino News courtesy of InfoPowa