Friday, 23 May 2008

Playing with Storm

This video shows an anti-virus researcher playing with a website infected with the Storm worm. Security firm F-Secure published it on YouTube around a year ago, so it's certainly not new. However, it's still an interesting look at how server-side malware can change itself every time someone downloads it. In this case, the padding changes on each download to avoid detection by anti-virus software.

The researcher uses different web browsers (or at least pretends to) to demonstrate how the site reacts. For example, when the visitor uses Internet Explorer 6.0 (IE6) it serves a page containing exploit code designed to attack this browser. It serves different code when the visitor uses Firefox.
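As an added illustration (not taken from the video or from F-Secure), the sketch below shows how a defender could triage repeated fetches of one URL for the two behaviours described above: content that changes on every download and content that depends on the browser. The function name, the sample bodies and the assumption that padding is a trailing run of NUL bytes are all hypothetical.

```python
import hashlib
from collections import defaultdict

PAD = b"\x00"  # assumption: padding is a trailing run of NUL bytes


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def analyse(observations):
    """observations: (user_agent, body) pairs from repeated fetches of one URL."""
    raw, core = defaultdict(set), defaultdict(set)
    for ua, body in observations:
        raw[ua].add(digest(body))               # exact hash, as a naive signature would use
        core[ua].add(digest(body.rstrip(PAD)))  # hash with trailing padding removed
    return {
        # The same browser received different bytes on different downloads.
        "changes_per_download": any(len(h) > 1 for h in raw.values()),
        # Once padding is stripped, each browser always gets the same content.
        "stable_without_padding": all(len(h) == 1 for h in core.values()),
        # Different browsers receive different underlying content.
        "varies_by_user_agent": len({frozenset(h) for h in core.values()}) > 1,
    }


# Constructed sample data (harmless placeholder bytes, not captured traffic).
IE6, FIREFOX = "MSIE 6.0", "Firefox"
SUSPICIOUS = [
    (IE6, b"constructed-body-A" + PAD * 3),
    (IE6, b"constructed-body-A" + PAD * 17),
    (FIREFOX, b"constructed-body-B" + PAD * 8),
    (FIREFOX, b"constructed-body-B" + PAD * 2),
]
STATIC = [(IE6, b"constructed-body-C"), (FIREFOX, b"constructed-body-C")]

if __name__ == "__main__":
    print(analyse(SUSPICIOUS))
    print(analyse(STATIC))
```

Legitimate sites also vary their output by browser, so these flags are triage signals rather than a verdict. Padding that is not a simple trailing run would need a different normalisation step.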