NFL Kickoff Weekend Brings Another Storm Worm Attack - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

NFL Kickoff Weekend Brings Another Storm Worm Attack

The Storm worm authors are taking advantage of the excitement around the opening days of the professional football season to add more victims to their botnet.

Are you ready for some football?

That could be the motto for the authors of the virulent Storm worm. After months of social engineering tricks centered around fake news alerts, promises of photos of scantily clad female celebrities, and even patch updates, the malware authors have turned their attention to the opening days of the U.S. football season.

"Anything to do with NFL at this time is going to be compelling for a lot of users," said Ron O'Brien, a senior security analyst with Sophos, in an interview. "This wasn't completely unexpected. The NFL season, particularly in the U.S. and with the rise of fantasy football, almost qualifies as a holiday. As we'd expect to see social engineering techniques arise around the holidays, like Mother's Day, we expect to see them arise with the start of football season."

The NFL (National Football League) season opened on Thursday, Sept. 6.

The Storm worm authors have been pounding the Internet with waves of mass mailings in an attempt to build up their botnet. The bigger and more far-reaching their botnet, the more spam they can send out and the more powerful denial-of-service attacks they can launch.

Cybercriminals commonly use holidays or major news items as the basis for new social engineering tricks. At the beginning of the month, for instance, the Storm worm authors sent out phony Labor Day e-cards, trying to lure unsuspecting users into clicking on a link that would supposedly take them to an electronic greeting card but actually took them to a malicious Web site where their machine was infected.

Both Sophos and the Internet Storm Center alerted users that the hackers sent out a new Storm worm campaign over the weekend.

This one came in the form of an e-mail with subject lines like: Are you ready for football season?; Free NFL Game Tracker; Football Season Is Here!; and Do you have your NFL Game List? The e-mail contains a link to a Web page that has the actual game results but all URLs in the page link to a malicious file, tracker.exe.

"The game result displayed is the real result," said O'Brien. "The person or persons responsible for this did their homework. It's indicative of the fact that they're constantly looking for new ways to add machines to their botnet."

Sophos is calling this variant of the Storm worm Mal/Dorf.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Flash Poll