Feb13
5:30 am (UTC-7)   |   by Paul Oliveria (Technical Communications)

Here’s an interesting update regarding the “storm malware” (a.k.a. TROJ_SMALL.EDW and WORM_NUWAR.CQ — I really can’t tell the difference anymore, considering they work together): they’re attacking STRATION.

In an analysis by Joe Stewart of SecureWorks, it was found out that the P2P botnet created by TROJ_SMALL.EDW has a distributed denial of service (DDoS) functionality that targets specific IP addresses. Among the said addresses are related to the following domains known to be used by certain STRATION variants:

  • adesuikintandefunhandesun.com
  • esunhuitionkdefunhsadwa.com
  • huirefunkionmdesa.com
  • krovalidajop.com
  • shionkertunhedanse.com
  • traferreg.com

A more detailed analysis can be found here.

The last time a “worm war” took place (it was NETSKY vs. BAGLE, if my memory serves me right), the “collateral damage” — i.e., customer infections/outbreaks, which also translate to monetary losses — was high. Is history repeating itself? Let’s hope not.

If you're new here, you may want to subscribe to our RSS feed. Thanks for visiting!



This entry was posted on Tuesday, February 13th, 2007 at 5:30 am and is filed under Uncategorized . Responses are closed, but you can trackback from your own site.



Comments are closed.


Password Protected Malwares Making a Comeback
PE_FUJACKS Raises the Bar for File Infectors


 
TrendWatch Hijack This Web Protection Add-On
Free Online Virus Scan Rootkit Buster Submit Suspicious Files
Global Malware Map RUBotted? Trend Micro
 



    		 
© Copyright 2009 Trend Micro Inc. All rights reserved. Legal Notice