Incident Response, TDR

‘Storm’ crimeware attack campaigns hit Windows XP users in China

From late 2013 through the early part of this year, researchers noted a spike in campaigns spreading crimeware that targets Windows XP systems.

On Tuesday, the Akamai Prolexic Security Engineering and Response Team (PLXsert) detailed the threat on a company blog, and published an advisory on the Storm Network Stress Tester crimeware kit.  

According to Akamai, the attack tool offers criminals remote administration capabilities on targeted PCs. PLXsert also noted that the crimeware kit was customized to specifically target vulnerable XP machines in China, but that it was also capable of infecting newer Windows operating systems.

The Storm crimeware kit enables the upload and download of malicious files, the launch of executables, and also notably comes with four distributed denial-of-service (DDoS) attack vectors, the firm revealed.

“One PC infected by the kit can generate up to 12 Mbps of DDoS attack traffic with a single attack," the blog post said. "The kit comes pre-programmed to launch four types of DDoS attacks at once, increasing the potential attack volume."

Rod Soto, a senior security researcher at PLXsert, told in a Wednesday interview that the crimeware kit may date back to 2008, but that a number of campaigns spreading the threat became active last year.

“In late 2013 and the early part of Q4 2014, we saw a lot of campaigns originating from China,” Soto said of the Storm kit, which primarily targets users in the country.

He added that the threat was of particular concern as many users continue to run XP – software that recently approached its end of life. Those targeted are likely to be running vulnerable versions of the software, as Microsoft stopped dispatching fixes for XP vulnerabilities earlier this month.

In the blog post, Akamai noted that Storm exemplified an “all-purpose crimeware platform that can be used for a variety of malicious activity,” given its ability to download malicious files and launch high-powered DDoS attacks. Crimeware kits are often used to install various malware on targeted machines by exploiting vulnerabilities in widely used software.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.