Storm the NFL and a Malware Hosting Report
The recent "Storm Worm" emails are still evolving. The latest email is related to NFL football; just click on the link in the email and it brings you to a page where you can click any link to get the "NFL Game Tracker" (it's free!).
Every link on that page will get you the 'tracker.exe' worm. Click on a link, and game over.
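An added example, not part of the original post: a mail-link or web-gateway scanner could flag a landing page like this one by checking whether nearly every link on it resolves to the same executable. The extension list, the 0.9 threshold, the function name and the sample pages are assumptions constructed for illustration.

```python
from collections import Counter
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Extensions treated as directly executable on Windows (assumed list for this example).
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com", ".bat")

class LinkCollector(HTMLParser):
    """Collects the href of every <a> and <area> element on a page."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag in ("a", "area"):
            href = dict(attrs).get("href")
            if href:
                self.hrefs.append(href)

def single_executable_lure(html, base_url, threshold=0.9):
    """Return the executable URL if at least `threshold` of the page's links
    resolve to one and the same executable file, otherwise None."""
    parser = LinkCollector()
    parser.feed(html)
    # Resolve relative forms (tracker.exe, /tracker.exe, ./tracker.exe) to one URL.
    targets = [urljoin(base_url, h) for h in parser.hrefs]
    if not targets:
        return None
    url, count = Counter(targets).most_common(1)[0]
    path = urlparse(url).path.lower()
    if path.endswith(EXECUTABLE_EXTS) and count / len(targets) >= threshold:
        return url
    return None

# Constructed sample pages (not captured from a real campaign).
LURE_PAGE = """<html><body>
<a href="tracker.exe"><img src="banner.jpg"></a>
<a href="tracker.exe">Scores</a> <a href="/tracker.exe">Schedule</a>
<a href="./tracker.exe">Download the free Game Tracker</a>
</body></html>"""

NORMAL_PAGE = """<html><body>
<a href="/scores.html">Scores</a> <a href="/schedule.html">Schedule</a>
<a href="/downloads/tool.exe">Download</a>
</body></html>"""

if __name__ == "__main__":
    print(single_executable_lure(LURE_PAGE, "http://example.test/"))
    print(single_executable_lure(NORMAL_PAGE, "http://example.test/"))
```

A legitimate site with one download link among ordinary navigation stays below the threshold, so only pages built entirely around a single executable are reported.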
It's not hard to find sites that have been compromised with "inappropriate" content. Not all webmasters (or hosting firms) are as careful as they could (and should) be. One can use one's favorite search engine to search for inappropriate words on specific sites (in Google, you use the "site:
Many of those sites are hosting, without their knowledge, pages that just contain links (used by the evildoer to increase search ratings or provide ad-click revenue). Or they may contain client-side attacks, which try to install evil software covertly ("drive-by attacks") or overtly (through social engineering -- e.g. 'click here to clean your computer') that will turn your computer into a remotely controlled 'bot. Much of the spam lately (such as the 'e-card' and others) is related to the "Storm Worm" gang, which uses similar social engineering techniques to get you to an infected web site.
An interesting analysis of client-side attacks is found at the "HoneyNet Project" site (http://www.honeynet.org/papers/mws/ , then click on the PDF to get the white paper). It's an interesting paper; although one expects an adult-oriented site to be more dangerous, even a news or music site can be a risk.
The paper concludes with defense recommendations, which closely parallel the "Safe Computing" practices we've discussed in the past: updates, patches, anti-virus/spyware protection, carefully evaluating links before clicking, not installing add-in software when prompted on a site, avoiding "fix your computer now" popups, staying away from the Internet's dark side, etc.
The Internet is a wondrous place, but, like any city, there are areas to avoid, and 'offers for help' to refuse.
