Storm worm pulls Halloween hoax
Posted by StormWarning on 31 Oct 2007 at 04:39 pm | Tagged as: Cyber-security
Talk about timely. Don’t be tempted to download the latest scam the World’s largest bot net! Whether a “worm” or a Trojan Horse, this malware sucks people in by a spam email inviting them to visit a Halloween-themed URL to download a dancing skeleton…instead you get a version of the Storm malware that turns your PCs into a “zombie.”
Cyber threat watchers really haven’t figured out who or what is behind this Storm bot attack…
“Storm is a very aggressive worm,” says John Levine, president of consulting firm Taughannock Networks and co-chair of the Internet Research Task Force’s Anti-Spam Research Group. “It’s interesting because it uses a [peer-to-peer] control structure that makes it hard to kill.”
• European storm — Spam tries to send recipients to a Web site with more news on the results of winter weather.
• YouTube — Spam message tells recipients there’s a video of them posted on YouTube.
• Account confirmation — Spam messages ask recipients to click on an embedded link to confirm their account with a bogus organization.
• Happy Labor Day — Spam message tells recipients a holiday greeting is waiting for them at the linked site.
• National Football League — Spam attempts to lure football fans to a Web site that promises a free game tracker, among other things.
• Free games — E-mail tells recipients to click on link for free computer game downloads.
“F-Secure also says that Storm is the largest botnet in the world with just more than 1 million infected PCs; however, other researchers say there’s no way to know how many PCs have been infected…”
How Storm Attacks - The way Storm secretly installs itself on PCs is via spam, but typically Storm is not carried by the message; instead the message attempts to get the recipient to visit a Web site that downloads the malware. It’s hard to avoid Storm-related spam, which was particularly active in late summer and shows no sign of stopping. These spam blasts take advantage of whatever the malware’s owners think would most entice recipients to click on the embedded link to a Web site purportedly related to the e-mail’s subject — be it a recent event such as the Labor Day weekend or the start of the football season or pop culture items such as computer games or a YouTube video clip.
A word to the wise. Beware. Its Halloween and the night is just beginning. All I know is that whoever it is, whenever he/she is caught, he should be stung up from the highest tree by the short hairs.
Doesn’t matter…if you’re not careful, it’ll get you.
dancing skeleton, Storm bot
STORM bot, did you make this up yourself???? Is this a Halloween trick of yours???
I’ve got a photo manipulation of you, if you can laugh at yourself and not get upset I’ll email it to you.
You may find the following message of interest.
Today, our Information Security Officer forwarded the following email:
*****************************************************************
NEW YORK STATE OFFICE OF CYBER SECURITY AND CRITICAL INFRASTRUCTURE COORDINATION INFORMATION BULLETIN DATE ISSUED:
November 20, 2007
SUBJECT: A new Storm Worm variant has been found in number of email accounts across New York State email systems.
This new variant is delivered as an email attachment in a password protected file with a .rar file extension. When the attachment is opened with the provided password, the host will become infected and additional malware may be downloaded to the system.
The emails have some of the following characteristics:
Email Subject:
* We have tape of your conversation
* important for your live
* Your phone is monitored
* attention
* you’re being watched
* important
* We monitor your privacy
* I’m monitoring you
* important information
* We’re watching you
* Danger
Email Body Text:
The body of the email contains the following text.
I am working in a detective agency. My name is not important now. I want to warn you that i’m going to watch you and monitor your telephone line. Do you want to know who paid for shadowing you? Expect my next letter. P.S. Probably, you don’t believe me. But i think that the attached record of your telephone conversation will assure you that everything is real. The record is in archive. The password is 123qwe
Attachments:
The attachment names vary but generally use the following naming scheme.
call1105-[TWO DIGITS].rar
*********************************
I find it interesting that the message attempts to tap into the psychopathology of fear that currently infects the U.S.
Enjoy your Thanksgiving.
The fact that there is a new variant is not surprising, especially sinc eone of the characterisitcs of the Storm Worm is its evolutionary (or adaptive) traits. But, do you really believe that there is a psychopathology of fear in the US? Actually, that’s a silly question, because you asked the question and there the answer is yes. So how about this…how do you define it, and what are the symptoms?
I ask these questions because I’m not sure I agree that it exists. The variant described is creative though.