Posts tagged as:

Attacks

Hacker sentenced to two years in prison

by certifiedbug on October 12, 2008

in Security

United States Attorney McGregor W. Scott announced Tuesday that Gregory King, 21, a California resident once known as “Silenz,” “sZ,” “Gregk707” and “GregK,” was sentenced to two years in federal prison and ordered to pay $69,000 in restitution following a guilty plea to two counts of transmitting code to cause damage to a protected computer.

The Reporter.
http://www.thereporter.com/news/ci_10677450

King used a botnet to conduct distributed denial-of-service (DDoS) attacks against two Web sites: KillaNet Technologies, a British Columbia-based website for high school students preparing for careers in online media, and the Castlecops security forums.

The Register, 4th October 2007.
Portrait of an (alleged) cyber bully as a young man

Certifiedbug, November 30, 2007.
FBI: Botnet Crack Down (again) in Operation Bot Roast II


Storm Worm Alert

by certifiedbug on July 9, 2007

in Security

The subject matter varies, but all such emails are bad news: they are an attempt to get people to download an exe file.

Sample:

Virus Activity Detected!
Dear Customer,

Our robot has detected an abnormal activity from your IP adress
on sending e-mails. Probably it is connected with the last epidemic
of a worm which does not have official patches at the moment.

We recommend you to install this patch (< --- concealed link) to remove worm files
and stop email sending, otherwise your account will be blocked.

Postmaster

SANS: The ever morphing Storm

AusCERT: High volume of email linking to the “Storm Worm” malware

FBI Takes Down botnet

by certifiedbug on June 13, 2007

in Security

ABC News reports the FBI has identified 1 million computer addresses that have been hacked by criminals who hijack other people’s computers, turn them into servers and use them to send out massive amounts of spam and spyware.

Story abcNews

We have some new information tonight on the status of the security update that we’re working on that addresses the vulnerability in Windows Animated Cursor Handling.

From our ongoing monitoring of the situation, we can say that over this weekend attacks against this vulnerability have increased somewhat. Additionally, we are aware of public disclosure of proof-of-concept code. In light of these points, and based on customer feedback, we have been working around the clock to test this update and are currently planning to release the security update that addresses this issue on Tuesday April 3, 2007.

I want to note that we are testing still and will be up until the release, to ensure the highest quality possible. So, it’s possible that we will find an issue that will force us to delay the release. If we do find an issue, though, we will let you know through the MSRC weblog as soon as we know.

Microsoft Security Response Center Blog!

Windows Animated Cursor Handling Vulnerability

by certifiedbug on March 29, 2007

in Microsoft, Security

Microsoft Security Advisory (935423)
Vulnerability in Windows Animated Cursor Handling
Published: March 29, 2007

Microsoft is investigating new public reports of attacks exploiting a vulnerability in the way Microsoft Windows handles animated cursor (.ani) files. In order for this attack to be carried out, a user must either visit a Web site that contains a Web page that is used to exploit the vulnerability or view a specially crafted e-mail message or email attachment sent to them by an attacker.

Overview
Purpose of Advisory: To provide customers with initial notification of the publicly disclosed vulnerability. For more information see the “Workarounds and Mitigations” and “Suggested Actions” section of the security advisory.

Advisory Status: Issue Confirmed, Security Update Planned

Recommendation: Do not visit untrusted websites or view unsolicited email

Microsoft Security Advisory (935423)

Storm Worm Trojan spam

by certifiedbug on January 21, 2007

in Security

This Trojan is spreading throughout the world rapidly. Once the attached file is executed, it creates a backdoor that can be used by the malware creators to take control of a system and make it part of a botnet to launch more attacks.

F-Secure has detailed information on their Blog

Three Russian cyber-criminals jailed

by certifiedbug on October 5, 2006

in News, Security

According to Russian news sources, each of the three extortionists, who had aimed botnet-derived DDoS (distributed denial of service) attacks at targeted businesses, received an eight-year jail sentence.

Russian security company Kaspersky writes:

Yesterday a full stop was placed to one of the most notorious cases of cybercrime in Russia over the past few years.

Kaspersky Lab didn’t take part in this case, although of course we followed it with interest.

US Attorney sends Botnet master to jail for three years

by certifiedbug on August 26, 2006

in News

David Bowermaster of the Seattle Times reports that botnet master Christopher Maxwell was sentenced to three years in prison by Judge Marsha Pechman in federal court in Seattle.

Maxwell pleaded guilty in May to one count of conspiracy to intentionally damage a protected computer and one count of intentional computer damage that interferes with medical treatment.

He must pay restitution of $114,000 to Northwest Hospital and restitution of $138,000 to the Department of Defense.

According to investigators, over a two-week period in February 2005, Maxwell’s botnet attacked more than 441,000 computers. Ouch.

Spyware Fighter has new site

by certifiedbug on June 27, 2006

in Security

Webhelper
25 June 2006

Due to the June 2006 DDos attacks against webhelper4u.com along with the lack of security with my old hosting service, I have moved to a new hosting service that gives me the ability to fight against future DDos attacks.

More here

26 June 2006
Webhelper DollarRevenue Main Menu

Because of the June 2006 DDos attacks against me from a trojan that came from DollarRevenue’s exetrafflc.com site, the following section will be devoted to the watching of all DollarRevenue.com’s opperations (sic) around the Internet.