
The Web Team

Storm Worm Victims Get Stock Spam Pop-Up
« on: November 14, 2007, 07:22:03 AM »
Full article located at: http://blog.washingtonpost.com/securityfix/2007/11/storm_worm_victims_get_stock_s_1.html

By: BRIAN KREBS, © 2006-2007 The Washington Post Company



-----------------------------------------------
HPGI — Hemisphere Gold, Inc.
Com (1 Cent)
Primary Venue: Pink Sheets
Pink Sheets Status: Still Quoted

----------------------------------------------

If you're a Windows user and today received a surprise pop-up advertisement urging you to invest in an obscure penny stock, it is highly likely that your computer is infected with the virulent Storm worm, a nasty intruder that currently resides on an estimated 200,000 PCs worldwide.

Criminal groups that control the pool of Storm-infected computers have traditionally used those systems to pump out junk e-mail ads touting thinly traded penny stocks as part of an elaborate and ongoing series of "pump-and-dump" schemes. But today, according to security researchers, the Storm worm authors went a step further by causing a pop-up ad for a particular penny stock to be shown on all infected machines.

Atlanta-based SecureWorks tracked the latest Storm activity, which began earlier this morning. The pop-up, shown in the image to the right, touts a microcap stock for Hemisphere Gold Inc. [HPGI.PK] as a "strong buy." Joe Stewart, a senior security researcher at SecureWorks who has closely tracked Storm since its inception in January, said this is the same stock that Storm-infected machines advertised in a traditional spam run that began Monday evening.

For those readers who received this pop-up, the news only gets worse: Detecting and removing a Storm infestation can be exceedingly difficult, as it is programmed to regularly mutate its digital make-up. Part of Storm's sneakiness stems from the fact that it ships with what's known as a "rootkit," a set of computer instructions designed to hide the malicious files and system processes that carry out most of the worm's activities. It does this essentially by inserting those components into legitimate Windows processes and drivers -- such as "tcpip.sys," the driver that handles core Internet networking functions on Windows systems.

"By injecting itself into regular Windows processes and hijacking Windows drivers, Storm doesn't give you much to grab onto there," Stewart said. "Most people are going to have to depend on their anti-virus vendor to eventually get updated to detect whichever Storm variant is on their machine, or pay an expert to find it on their machine and remove it."

Predictably, anyone who was foolish enough to snap up shares of the Storm-touted stock -- HPGI.PK -- lost money in trading. The company's share price fell 15 cents today, from $1.15 per share to $1.00. A noticeable and uncharacteristic uptick in trading volume on this stock is evident over the past week, possibly indicating that groups allied with the Storm worm authors were taking a position in advance of this spam campaign.

I put a call into Hemisphere Gold and am awaiting a response. I'll update this post if the company issues a comment or responds to my query.

The Web Team
Qwoter.com

The Web Team

Re: Storm Worm Victims Get Stock Spam Pop-Up
« Reply #1 on: November 15, 2007, 05:55:13 PM »
ALERT: I think we are turning SOUTH, the "Storm" is clearing out!
The Web Team
Qwoter.com
