Storm Worm Changes Course


Humpty

The authors of the Storm worm (also known as Trojan.Peacomm) have shown an uncanny knack of changing or shedding key components of the threat in order to enhance its persistence and spread. This week saw the latest incarnation of the threat, Trojan.Peacomm.D, reveal itself as halloween.exe or sony.exe. What is most interesting about this latest variant of the Storm worm is that its authors have removed some key functionality that was present in the previous variant, Trojan.Peacomm.C. Specifically, the threat no longer:

1. infects other legitimate drivers on the system. Previous variants infected drivers such as Tcpip.sys and Kbdclass.sys. This was a stealth-like feature used by the threat to start early with the operating system and without loading points in the Windows Registry.

2. injects itself into legitimate processes like Explorer.exe and Services.exe.

 

Instead the threat now relies less on legitimate components on the operating system and has new proprietary components to do its dirty work. The driver associated with the latest variant, noskrnl.sys, works hand in hand with the user mode noskrnl.exe to provide the same stealth-like capabilities that involved more components, both illegitimate and legitimate, in the past.

Symantec Article


The morons that start "crap" like Storm worm need to get a life! :angry:

No, on second thoughts, they need a Life Sentence!


  • Moderators
The morons that start "crap" like Storm worm need to get a life! :angry:

No, on second thoughts, they need a Life Sentence!

If caught, malware authors can get some lengthy sentences and fines. Although some hard yet ironic justice would be locking them up in prison, and giving them worms to eat for their daily food intake.


$20 000+ USD per month is a lot of an incentive for a struggling Russian or Asian hacker. And most don't get caught. For us who have real jobs and had the luxury of growing up in a stable first world country we simply can't appreciate the hardship some of them have. A few bowls of rice a day and two years of saving for an old computer! I have heard that many times before. They hang out on IRC and sell malware there.


$20 000+ USD per month is a lot of an incentive for a struggling Russian or Asian hacker. And most don't get caught. For us who have real jobs and had the luxury of growing up in a stable first world country we simply can't appreciate the hardship some of them have. A few bowls of rice a day and two years of saving for an old computer! I have heard that many times before. They hang out on IRC and sell malware there.

 

20,000 USD per month seems to be a lot of incentive even if you live in first world countries, unless you are very wealthy...
