Storm Worm Responsible for Spam Spike
MessageLabs analyzed patterns in Storm worm activity and discovered a spike in spam two days later, according to The Register.
The worm is propagating rapidly in part because its developers use techniques to change the code every half-hour to avoid signature detection, along with fast-flux DNS techniques to protect their hosting sites from detection.
The article offers some additional details on how Storm spreads:
Although the body text and subject line keep changing, the emails always consist of simple text or HTML including a single link to an IP address. That IP address refers to another infected machine within the botnet, which subsequently redirects to a back-end server in an attempt to infect the victim with a copy of the Storm Worm Trojan code. The back-end server automatically re-encodes the malware every thirty minutes to make signature detection difficult for traditional anti-virus vendors. ... The location of the command and control servers used to manipulate the botnet is safeguarded behind a rapidly-changing DNS technique known as ‘fast-flux’, making it difficult to locate and take down hosting sites and mail servers.
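Two of the traits quoted above are cheap to check for on the defender's side: a lure message whose only link points at a raw IP address rather than a hostname, and a hostname whose DNS answers rotate through many unrelated IPs with very short TTLs (the fast-flux pattern). The script below is an added example written for this post, not code from MessageLabs or The Register; the sample emails and DNS observations are constructed, and the thresholds (five distinct IPs across three /16 networks with a median TTL under five minutes) are illustrative assumptions, not values from the article.

```python
import ipaddress
import re
import statistics
from urllib.parse import urlparse

# Matches http(s) URLs in plain text or inside an HTML href attribute.
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def ip_links(text):
    """Return every URL in `text` whose host is a bare IPv4/IPv6 literal."""
    found = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if host is None:
            continue
        try:
            ipaddress.ip_address(host)
        except ValueError:
            continue  # a real hostname, not an IP literal
        found.append(url)
    return found


def looks_like_storm_lure(text, max_links=1):
    """Heuristic from the article: a message carrying a single link, and that
    link points straight at an IP address instead of a domain name."""
    all_links = URL_RE.findall(text)
    return 0 < len(all_links) <= max_links and len(ip_links(text)) == len(all_links)


def is_fast_flux_candidate(observations, min_distinct_ips=5,
                           min_networks=3, max_median_ttl=300):
    """observations: list of (seconds, ip, ttl) A-record answers for one name.
    Flags the name when it resolves to many distinct IPv4 addresses spread
    over several /16 networks and the answers carry a short TTL, which is how
    a fast-flux front end keeps the real back-end hidden (thresholds assumed)."""
    ips = {ip for _, ip, _ in observations}
    networks = {ipaddress.ip_interface(f"{ip}/16").network for ip in ips}
    ttls = [ttl for _, _, ttl in observations]
    if not ttls:
        return False
    return (len(ips) >= min_distinct_ips
            and len(networks) >= min_networks
            and statistics.median(ttls) <= max_median_ttl)


# Constructed sample messages (addresses are documentation ranges).
SAMPLE_LURE = 'Check out this video! <a href="http://192.0.2.10/video.exe">here</a>'
SAMPLE_BENIGN = ("Read more at https://www.example.com/news and "
                 "https://blog.example.org today.")

# Constructed DNS observations for one lure hostname: six answers in five
# minutes, six different IPs in three unrelated /16s, 60-second TTL.
FLUX_OBS = [
    (0, "192.0.2.10", 60), (60, "198.51.100.7", 60), (120, "203.0.113.22", 60),
    (180, "192.0.2.55", 60), (240, "198.51.100.99", 60), (300, "203.0.113.3", 60),
]
# A stable site for comparison: the same address every time, hour-long TTL.
STATIC_OBS = [(t * 600, "192.0.2.1", 3600) for t in range(6)]

if __name__ == "__main__":
    print("lure flagged:", looks_like_storm_lure(SAMPLE_LURE))
    print("benign flagged:", looks_like_storm_lure(SAMPLE_BENIGN))
    print("flux name flagged:", is_fast_flux_candidate(FLUX_OBS))
    print("static name flagged:", is_fast_flux_candidate(STATIC_OBS))
```

Neither check is a verdict on its own: plenty of legitimate mail links to IP addresses, and CDNs rotate answers too, though usually within the same provider's networks rather than across unrelated residential ranges. Both heuristics are better used to raise the priority of a message or domain for closer inspection than to block outright.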