Saturday, June 30, 2007

Mpack & Storm Worm Creators Turn on Each Other

Via SecurityFix -

Just as thugs and drug dealers jealously guard their street corners with destructive turf wars, online spammers and other shadowy characters have been known to attack one another for control over virtual real estate. This week, security experts spotted a nasty tussle brewing between criminals who operate two of the largest networks of hijacked computers used to blast out spam.

This latest cyber crime feud stars the folks behind the massively successful "Storm worm," and the crooks responsible for unleashing the recent Mpack online attack tool. The Storm worm surfaced earlier this year, initially posing as video clips of a European windstorm that killed dozens of people. Computers infected with it were merged into a botnet whose sole purpose appears to be using them to relay junk e-mail. Storm also plants a "rootkit," or set of files designed to hide the malicious software from security programs and prevent its removal.

This month's Mpack attack tool apparently removes a number of rootkits from computers it infects, to make room for its own. Rootkits have a tendency to make infected systems unstable and prone to crashing, and multiple rootkits on a single machine often render the host unusable.

Apparently, the Storm worm folks weren't too happy about this development. They are currently attacking the Web server that Mpack uses to fetch configuration files for spam runs, according to MyNetWatchman, a company that monitors hacking and spamming activity.

The individuals behind the Storm worm have launched similar attacks against security researchers and groups working to stymie the operations of cyber criminals. It's nice to see the bad guys training the big guns on each other for a change.
