• On TechRepublic: What not to do at your holiday party
advertisementClick to Save up to $300/yr on calls
January 9, 2008 12:07 PM PST

Phishers now leasing the Storm worm botnet

Posted by Robert Vamosi
  • Font size
  • Print

A number of phishing sites have cropped up within the last day using domains previously attributed to the Storm worm botnet. Last fall, Storm was used in a series of pump-and-dump stock spam blasts, including a unique MP3-based spam blast, but researchers at F-Secure don't think the original authors of Storm are necessarily trying something new. F-Secure said Tuesday that "October brought evidence of Storm variations using unique security keys. The unique keys...allow the botnet to be segmented allowing 'space for rent.'" They think phishers are leasing parts of the larger botnet.

F-Secure cites a Halifax bank as one of the phishing targets, while Trend Micro identifies the Royal Bank of Scotland as another. What connects these sites are the server domains hosting the pages. Trend Micro said Tuesday it detected the hosts "while watching domain activity normally associated with suspected RBN (Russian Business Network) -associated activities."

The original Storm worm code, so named because it coincided with a severe winter storm in Europe, will celebrate its first anniversary next week, on or around January 19.

Topics:

Criminal Hackers,

Phishing,

Security

Tags:

security,

Storm worm,

F-Secure,

Trend Micro,

phishing

Bookmark:
Digg
Del.icio.us
Reddit
Recent posts from Defense in Depth
How to handle ID fraud's youngest victims
Is white listing going mainstream?
How Live OneCare changed the antivirus landscape
Express Scripts clients threatened with extortion
Study: DDoS attacks threaten ISP infrastructure
Security expert talks Russian gangs, botnets
Extortion used in Express Scripts database breach
WPA wireless encryption cracked
Add a Comment (Log in or register) 1 comment
RBN Spreads the storm worm botnet.
by ipollesion January 10, 2008 11:21 AM PST
You must all be careful because behind this worm is an un-legitimate business called RBN which I would advise you to all research yourself if you are into computers and hacking. AKA Russian Business Network.
Reply to this comment
advertisement

In the news now

Slowing expectations at a green-tech start-up

Six months ago, biofuels start-up Mascoma had the wind in its sails, as did the rest of the clean-tech sector. Now, the company is treading carefully and scaling back.


With JavaFX, Sun seeks new coders, new revenue

With the launch of JavaFX 1.0, Sun is trying to reclaim Java's strength as a foundation for rich Internet applications. But it's no longer the incumbent.


Tim Lincecum, motion capture star

San Francisco Giants pitcher, who won the Cy Young award last month, dons a motion capture suit for 2K Sports' Major League Baseball 2K9 video game.


About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.

Add this feed to your online news reader

Defense in Depth topics

advertisement
advertisement

Inside CNET News

Scroll Left Scroll Right
News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
CES
Cell phones
Dell
GPS
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET