
Community Building and User Generated Content Forum

    
Storm Warning: New Worm Attacks Forums and Blogs
rogerd




msg:3267351
 3:18 am on Mar 1, 2007 (gmt 0)

ZDNet warns that there is a new variant of the Storm worm spreading that, when a user with an infected PC makes a blog or forum post, adds a link to an infected site.

[news.zdnet.com...]

No, a virus didn't add that link to this post. :)

 

phranque




msg:3267356
 3:25 am on Mar 1, 2007 (gmt 0)

i also posted about this under the ms windows forum [webmasterworld.com].
the computerworld article linked there has a fair amount of technical detail describing the behavior.

camweh




msg:3267413
 4:46 am on Mar 1, 2007 (gmt 0)

Might be worth telling forum members to mention in the body of their posts if they are adding a link.

phranque




msg:3267419
 4:55 am on Mar 1, 2007 (gmt 0)

Might be worth telling forum members to mention in the body of their posts if they are adding a link.

from the computerworld article:
"It inserts 'Have you seen this link?' along with a link to what seems to be a video," Alperovitch said.

that teaser text could be adjusted to the locally acceptable phrase...

madmatt69




msg:3267430
 5:10 am on Mar 1, 2007 (gmt 0)

Does anyone know if any particular forum software is overly vulnerable?

Just looked on the phpbb.com site and there's no mention of it. Wondering if there are any patches available yet.

rocknbil




msg:3267505
 7:55 am on Mar 1, 2007 (gmt 0)

. . . in the form of e-mails with attachments that, when opened, loaded malicious software onto victims' PCs....

Is it "me" or does almost every virus alert open with this statement?

phranque




msg:3267510
 8:13 am on Mar 1, 2007 (gmt 0)

mm69: phpBB and VBulletin is what i've read so far...

wheel




msg:3267669
 12:17 pm on Mar 1, 2007 (gmt 0)

Nobody posts at my forum, so I'm good.

zCat




msg:3267680
 12:26 pm on Mar 1, 2007 (gmt 0)

Sounds like it affects any forum / blog-type system, because the "malicious payload" is being smuggled in along with legitimate posts from infected users - it doesn't rely on vulnerabilities in any particular server-side software.

It would be interesting to know if there is any pattern to the malicious URLs posted.

wheel




msg:3267698
 12:54 pm on Mar 1, 2007 (gmt 0)

I think there is a pattern. The vbulletin site has a thread where someone mentions a specific link they've added to their censorship software. Just do a search for storm virus on the site.

phranque




msg:3267721
 1:27 pm on Mar 1, 2007 (gmt 0)

the added link is a url at mailfreepostcards dot com or at the ip address 66 dot 148 dot 74 dot 7.
those addresses are unreliable however.
here is the description of the mespam trojan by symantec [symantec.com].
the ultimate goal of the malware is to include the computer in a peacomm-based zombie botnet described here by symantec [symantec.com].
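
An added example, not part of the thread or of any forum package: a server-side moderation check built on the two indicators mentioned above, the teaser text quoted from the Computerworld article and the link hosts listed in the post above. The function names, the three outcomes and the sample posts are assumptions constructed for illustration; a listed host is rejected, while teaser text plus any link is only held for review, because both indicators can change.

```python
import re
from urllib.parse import urlsplit

# Hosts named in this thread; the thread itself calls them unreliable indicators.
BLOCKED_HOSTS = {"mailfreepostcards.com", "66.148.74.7"}
# Teaser text quoted from the Computerworld article; other variants may differ.
TEASERS = ("have you seen this link",)

# Stops at whitespace, quotes, angle brackets and BBCode brackets.
URL_RE = re.compile(r"https?://[^\s\]\[<>\"']+", re.IGNORECASE)

def link_hosts(body):
    """Return the lower-cased host of every http(s) URL in a post body."""
    hosts = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url.rstrip(".,;:!?)")).hostname
        except ValueError:  # malformed authority part: nothing usable to check
            continue
        if host:
            hosts.append(host.lower().rstrip("."))
    return hosts

def is_blocked(host):
    """True for a listed host or any subdomain of a listed host."""
    return any(host == b or host.endswith("." + b) for b in BLOCKED_HOSTS)

def classify_post(body):
    """Return 'reject', 'hold' or 'accept' for a submitted post body."""
    hosts = link_hosts(body)
    if any(is_blocked(h) for h in hosts):
        return "reject"            # link to a listed host
    text = re.sub(r"\s+", " ", body.lower())
    if hosts and any(t in text for t in TEASERS):
        return "hold"              # teaser plus an unknown link: moderator review
    return "accept"

# Constructed sample posts (not real submissions).
SAMPLES = [
    "Nice theme!\nHave you seen this link? [url]http://mailfreepostcards.com/video[/url]",
    "Have you seen  this link? http://video.example.net/clip",
    "The FAQ is at http://www.example.org/faq, section 3.",
]

if __name__ == "__main__":
    for post in SAMPLES:
        print(classify_post(post), "|", post.replace("\n", " "))
```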

grandpa




msg:3267746
 1:40 pm on Mar 1, 2007 (gmt 0)

I've seen that url in some public comments on one of my sites. The comments were obvious spam attempts, not legitimate comments, so they got zapped.

I'm with wheel on this one, at least 'someone' has taken an interest in my forum...

AlexK




msg:3269107
 4:01 pm on Mar 2, 2007 (gmt 0)

grandpa:
at least 'someone' has taken an interest in my forum...

There was an Arlo Guthrie song in my youth. The song recounts how he made a phone call from a payphone to the FBI. In seconds the FBI ran thousands of checks on him, but then concluded that he was a "nobody", and ignored him.

There is a perverse comfort in the fact that--at the very least--the spammers and scammers are interested in you.
