The Storm is back

Nov 16, 2007 22:06 GMT

Online attackers have been looking for a new way to conduct exploits, and it seems they have finally found it: Geocities, the free service provided by the Sunnyvale giant Yahoo. According to a blog post published on the Trend Micro Malware Blog, scammers are luring visitors to Geocities pages that carry dangerous content. Those websites appear to include a form of the Storm worm, which has caused serious headaches for security vendors. Some of the websites ask visitors to install an "iPix plug-in" which is actually TROJ_ZBOT.BJ, Trend Micro wrote in the blog post. Clicking on this file takes visitors to another website, which attempts to download additional infected material.

"(It) looks like Yahoo! will have its hands full in the next couple of days. There are limited reports that the Storm worm may be spamming emails with links to a Geocities site. This was seen in the monitoring of the spam templates being sent via Storm communications to its botnets," Senior Threat Researcher Ivan Macalintal stated, according to the Trend Micro Malware Blog.

Geocities is useful to attackers aiming to conduct Storm exploits because it allows them to create free websites and publish almost any form of content. That's why you're advised to avoid visiting unknown Geocities websites and to refuse to download untrusted content offered by malicious pages.

"This newest chapter in the Storm saga proves that the creators of the said malware are still very much active. Its use of a popular free server like Geocities and disguising itself as a plug-in may mean that they are still looking for more systems to infect. Storm has been notorious for its changing routines, and one could only guess how - and when - the Storm malware will attack next," the folks at the Trend Micro Malware Blog continued.