Software // Enterprise Applications
03:22 PM

Storm Worm, Hidden In Phony E-Card Spam, Strikes Again

The virulent Storm worm has been hitting on and off since January. Its authors keep changing the methods they use to send it, this time fooling people with fake e-card promises.

Security researchers are warning users and IT managers about a spike in the number of spam e-mails that are being sent out in massive waves to infect machines with a variant of the virulent Storm worm.

The e-mails entice unsuspecting users into going to malicious Web sites where their machines can be infected, according to a blog post by McAfee researcher Vinoo Thomas. And once the Storm worm infects a computer, new, updated infections can be fed into it.

The Storm worm blasted computers around the globe in January. It then reappeared in February when it was used in a spam attack that lured blog, bulletin board, and Webmail users to connect to a malicious Web site. Then in April, it hit again, with the Internet Storm Center reportedly detecting at least 20,000 infections in one day.

"With administrators filtering executable attachments at the mail gateway and most e-mail clients preventing a user from opening an executable attachment, virus authors are constantly improvising to stay ahead in the game," wrote Thomas. "Social engineering -- the oldest trick in the book -- along with the fatal combination of human stupidity plus curiosity provides ample fodder for virus authors to lure new victims; the innumerable newbie users of the Internet being the low hanging fruit."

In this attack, which started in June, hackers are spamming out e-mail messages that lure people to click on links that take them to malicious Web pages. This time the e-mails purport to notify the user that someone has sent them an electronic greeting card, or e-card. It might have a subject line saying something like, "You've Received a Postcard from a Family Member." The body of the message says the user needs to click on the link to view the virtual greeting.

Lorna Hutcheson, a handler at the Internet Storm Center, wrote in a recent blog post that the malicious Web sites have an interesting JavaScript that appears to have multiple ways to exploit a browser in order to compromise a system. "If you haven't gotten one yet, just give it time," she said, noting how widespread the attacks have become.

U.S.-CERT also issued an advisory about the phony e-card attacks. Researchers there recommended that IT managers and users keep antivirus signature files up to date and block executable and unknown file types at the e-mail gateway. Users should also be frequently reminded not to open e-mails about e-cards unless they check to make sure that someone actually sent them one.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Listen Now InformationWeek Live for the Week of October 23, 2016
Join us for a roundup of the top stories on for the week of October 23, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll