
Storm Worm Authors Turn to YouTube Lures

Security Fix has spilled quite a bit of digital ink warning readers about the ever-changing tactics of criminals behind the indefatigable "Storm worm." This week's tactic (or today's, as the case may be) involves e-mailed Web links disguised as video clips from

Here's one example that I received yesterday:

The link in the image on the right does not take the clicker to, but to an Internet address of a home computer that the bad guys have compromised and are using to serve up malicious software. If you hover over such a link with your computer mouse, it should reveal that the true address is a dotted IP address (e.g. http://72.15.x.x), not a page at
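The hover check described above can be automated on the receiving side. The following is an added example, not part of the original post: it walks the HTML body of a message and reports every link whose real destination is a bare IP address, together with the text or image label the reader would see. The function and class names are hypothetical, and the sample message is constructed using documentation-range addresses.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

def ip_literal_host(url):
    """Return the URL's host if it is a raw IPv4/IPv6 address, else None."""
    try:
        host = urlsplit(url).hostname
        ipaddress.ip_address(host or "")
    except ValueError:  # malformed URL, no host, or an ordinary domain name
        return None
    return host

class LinkAudit(HTMLParser):
    """Collect (href, visible label) for every <a> in an HTML mail body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._label = [], None, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            self._href, self._label = attrs["href"], []
        elif tag == "img" and self._href is not None:
            # Image lures carry their claimed identity in alt/title text.
            self._label.append(attrs.get("alt") or attrs.get("title") or "")

    def handle_data(self, data):
        if self._href is not None:
            self._label.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, " ".join(self._label).strip()))
            self._href = None

def flag_ip_links(html_body):
    """Return (href, label) pairs whose destination is a bare IP address."""
    audit = LinkAudit()
    audit.feed(html_body)
    audit.close()
    return [(h, label) for h, label in audit.links if ip_literal_host(h)]

# Constructed sample message body (addresses are RFC 5737 documentation ranges).
SAMPLE_BODY = (
    '<p>Check out this clip</p>'
    '<a href="http://192.0.2.10/">http://www.youtube.com/watch?v=EXAMPLE</a>'
    '<a href="http://www.youtube.com/watch?v=EXAMPLE">real link</a>'
    '<a href="http://198.51.100.7/"><img src="cid:1" alt="YouTube video"></a>'
)
```

Calling `flag_ip_links(SAMPLE_BODY)` returns the first and third links and skips the one that really points at a named site.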

After a user clicks through to one of the Storm addresses, the machine at that address will attempt to exploit a kitchen sink of known Web browser and other software security vulnerabilities. If the would-be victim is invulnerable to these attacks, he or she will be prompted to simply download and run the malicious code.

The Storm worm is already hugely successful, with estimates of infected machines in the many millions worldwide. This clever tactic, however, is likely to significantly increase the pool of sickened machines.

By Brian Krebs  |  August 27, 2007; 10:22 AM ET
Categories:  Fraud , Latest Warnings , Safety Tips  


Thanks for your post -- I cannot believe how many of these emails I am receiving this week. I try setting up filters in Entourage for them, but they change the words slightly in the "subject" line. I worry the most about my 75 year old parents who click on some of these types of emails.

Posted by: rjrjj | August 27, 2007 2:50 PM

To rjrjj - A suggestion for your parents - or anyone: an email account at Google. Gmail has the best filter ever and that is where I received these easily 100 examples of the one shown by Brian. When I go thru my spam box I am much more alert to viruses & worms than if it were just coming in with the rest of my mail. I didn't know it was the Storm worm until now but Google made it easy to avoid.

Posted by: Emilie | August 28, 2007 11:51 AM

When the perpetrators of this sort of thing are caught they should be treated with compassion.

In this case, my definition of "compassion" includes sand dunes, ants, and honey. It includes burning splinters and fingernails. It includes third rails. It includes pouring a can of beef consomme over the head and turning 20 puppies loose. And it includes the ultimate in compassion: Being forced to watch 22 reels of home movies, complete with narration.

I receive some 50 or 100 of these types of messages a day. They have filled the catch-all mailboxes of Websites I host, sites where the mail is not even supposed to be active.

If you are fed up with spam, the link should warm the cockles of your heart. Before you ask, there is nothing malicious there; it is just a low-tech HTML page.

Enjoy / Despair

Posted by: Backup Bob | August 28, 2007 12:01 PM

This latest round of scummail makes me wonder about computer security at colleges and universities. More and more of the stuff I get comes from '.edu' addresses.

Posted by: Keith Warner | August 28, 2007 6:21 PM

That's quite the idea. Instead of abandoning the platform as hopeless you recommend bartering privacy for security. Google have the worst Internet privacy record in the history of Internet privacy records.

Let's hope no one takes you up on that reckless and foolish offer.

Posted by: Rick | August 28, 2007 9:05 PM


I wouldn't bet the bank on gmail. I was one of the early adopters and loved it at first. You know, before they took it out of beta and opened it up to everyone. Now, they no longer answer questions - I hate forums - and I get about 175 spam messages in a five-day period. Secondly, google needs work on its spam filter. Since these creeps spoof email addresses and constantly change the spelling or words in the subject, it's hard to combat their techniques to set up a usable filter in gmail.

Posted by: umm.huh | August 30, 2007 1:04 PM

I am confused. I have an earthlink email account, and use the Mozilla email client. The spam filters on the client take care of recurring emails from outfits that I get regular mails from. Earthlink must take care of the rest, because I get 1 or 2 spam messages a day, which I instantly and without fail report to Earthlink junkmail, to Spamcop reports, and to I used to get up to 10-12 a day, but that's dropped over the last year.

I do find 106 spam messages in my Earthlink Webmail spamcatcher, accumulated over the last 7 days, so that's part of my good fortune, I reckon.

Posted by: Jim Pivonka | September 1, 2007 12:36 AM

It seems clear to me that the only practical way to tackle this problem is for some white hat hackers to release a competing worm that infects vulnerable machines, removes any malware found, and applies any needed patches and updates. Let's face facts: There are millions of clueless lusers that don't know and don't care about securing their computers, or who have a false sense of security because their machine came with (now-expired) AV software pre-installed, and the criminals get more sophisticated by the minute. Sure, in a perfect, theoretical world it's unethical to infect someone else's computer, but here in the real world where the criminals are winning in a rout, and we have no hope of getting a critical mass of lusers to properly secure their machines, and the idiots in Redmond badly botched what was probably the last, best hope of making Windoze secure with the debacle that is Vista and its worse-than-useless UAC system, sitting back and letting them win is far worse.

Posted by: windoze_sux | September 6, 2007 6:49 AM

The comments to this entry are closed.


© 2010 The Washington Post Company