Storm Worm, Hidden In Phony E-Card Spam, Strikes Again - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications

Storm Worm, Hidden In Phony E-Card Spam, Strikes Again

The virulent Storm worm has been hitting on and off since January. Its authors keep changing the methods they use to send it, this time fooling people with fake e-card promises.

Security researchers are warning users and IT managers about a spike in the number of spam e-mails that are being sent out in massive waves to infect machines with a variant of the virulent Storm worm.

The e-mails entice unsuspecting users into going to malicious Web sites where their machines can be infected, according to a blog post by McAfee researcher Vinoo Thomas. And once the Storm worm infects a computer, new, updated infections can be fed into it.

The Storm worm blasted computers around the globe in January. It then reappeared in February when it was used in a spam attack that lured blog, bulletin board, and Webmail users to connect to a malicious Web site. Then in April, it hit again, with the Internet Storm Center reportedly detecting at least 20,000 infections in one day.

"With administrators filtering executable attachments at the mail gateway and most e-mail clients preventing a user from opening an executable attachment, virus authors are constantly improvising to stay ahead in the game," wrote Thomas. "Social engineering -- the oldest trick in the book -- along with the fatal combination of human stupidity plus curiosity provides ample fodder for virus authors to lure new victims; the innumerable newbie users of the Internet being the low hanging fruit."

In this attack, which started in June, hackers are spamming out e-mail messages that lure people to click on links that take them to malicious Web pages. This time the e-mails purport to notify the user that someone has sent them an electronic greeting card, or e-card. It might have a subject line saying something like, "You've Received a Postcard from a Family Member." The body of the message says the user needs to click on the link to view the virtual greeting.

Lorna Hutcheson, a handler at the Internet Storm Center, wrote in a recent blog post that the malicious Web sites have an interesting JavaScript that appears to have multiple ways to exploit a browser in order to compromise a system. "If you haven't gotten one yet, just give it time," she said, noting how widespread the attacks have become.

U.S.-CERT also issued an advisory about the phony e-card attacks. Researchers there recommended that IT managers and users keep antivirus signature files up to date and block executable and unknown file types at the e-mail gateway. Users should also be frequently reminded not to open e-mails about e-cards unless they check to make sure that someone actually sent them one.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Reflections on Tech in 2019
James M. Connolly, Editorial Director, InformationWeek and Network Computing,  12/9/2019
What Digital Transformation Is (And Isn't)
Cynthia Harvey, Freelance Journalist, InformationWeek,  12/4/2019
Watch Out for New Barriers to Faster Software Development
Lisa Morgan, Freelance Writer,  12/3/2019
White Papers
Register for InformationWeek Newsletters
Current Issue
The Cloud Gets Ready for the 20's
This IT Trend Report explores how cloud computing is being shaped for the next phase in its maturation. It will help enterprise IT decision makers and business leaders understand some of the key trends reflected emerging cloud concepts and technologies, and in enterprise cloud usage patterns. Get it today!
Flash Poll