New Storm Trojan variant spreads in blogs, forums, Webmail

A new variant of the "Storm" Trojan is injecting its come-on into blogs, Web-based message forums and Webmail as part of an effort to spread itself to an ever-widening net of PCs, according to a security researcher.

Dmitri Alperovitch, principal research scientist at Secure Computing, said today that the Trojan -- best known as the "Storm worm" but also pegged as "Peacomm" and half a dozen other names by anti-virus vendors -- is using a novel approach to spread. "This is a really neat twist, through the Web channel," said Alperovitch.

An initial infection is still carried out via e-mail, which touts a link that when clicked downloads a number of malware components to a victimized machine. Once on a PC, however, the malicious code injects itself into the network stack as a rootkit and analyzes all outbound Web traffic

"It has hooks for boards, e-mail, and blogs," said Alperovitch. When a user on an infected PC posts a message to a forum or blog, or sends a message via popular Web-based mail services such as Hotmail, Gmail, and Yahoo Mail the Trojan adds text to the entry or message.

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9011903