Malware Outbreak Report: "Storm Love"
On January 15th, IronPort analysis labs detected a Valentines Day-themed attack that the Storm attack network is launching in advance of February 14th. This campaign uses a blended attack that combines both Email Spamming and malicious HTTP landing pages.
Over the past year, the Storm malware has continued to mutate and proliferate. January marks the one-year anniversary since the initial release of Storm. Storm continues to use events within popular culture to social engineer users into viewing the email and subsequently opening the malicious HTTP link.
IronPort stopped this most recent Storm attack within minutes through the combination of several technologies:
IronPort Reputation Filters: IronPort uses its SenderBase Network to assign reputation scores to Internet IP addresses based on their likelihood to send spam or host malicious websites.
The Email Reputation system blocks 80% of spam at the gateway – including Storm Spam.
The IronPort Web Reputation blocks protected networks from connecting to the Storm HTTP landing pages and the DVS scan engine will block the download of an infected executable. This Storm version may also contain a Phishing component – and despite not being currently active, the Phishing URLs have been preemptively blocked to ensure ongoing customer protection.
SenderBase is aware of the majority of Storm infected PCs and blocked these suspicious senders from sending Storm Spam proactively. For more detailed information about Storm please see IronPort's 2008 Internet Security Trends: http://www.ironport.com/securitytrends/
No comments:
Post a Comment