A variant of the Trojan horse attacks known as Storm Worm emerged Monday (February 26, 2007), targeting people who post blogs and notices to bulletin boards. “The new Storm Worm variant attacks the users’ machines when they open an e-mail attachment, click on a malicious e-mail link or visit a malicious site,” said Dmitri Alperovitch, principal research scientist at Secure Computing.

Alperovitch explains that there is a new component in the variant that enables it to analyze network traffic on the infected computer and dynamically insert a link to the malicious site into text — whether it’s a blog post, a bulletin board entry or an e-mail sent through a webmail system. The users’ text will contain their own content, along with the link and a note that lures readers to check out a Web site with “fun” videos or e-card. Users who go to the malicious site have their own machines infected with this updated version of the worm, which some security vendors are referring to as a Trojan horse. When these people later post blogs or bulletin board notices, Storm Worm will insert into each of their postings a link to a malicious Web site.