Software // Enterprise Applications
News
7/2/2007
03:22 PM
50%
50%

Storm Worm, Hidden In Phony E-Card Spam, Strikes Again

The virulent Storm worm has been hitting on and off since January. Its authors keep changing the methods they use to send it, this time fooling people with fake e-card promises.

Security researchers are warning users and IT managers about a spike in the number of spam e-mails that are being sent out in massive waves to infect machines with a variant of the virulent Storm worm.

The e-mails entice unsuspecting users into going to malicious Web sites where their machines can be infected, according to a blog post by McAfee researcher Vinoo Thomas. And once the Storm worm infects a computer, new, updated infections can be fed into it.

The Storm worm blasted computers around the globe in January. It then reappeared in February when it was used in a spam attack that lured blog, bulletin board, and Webmail users to connect to a malicious Web site. Then in April, it hit again, with the Internet Storm Center reportedly detecting at least 20,000 infections in one day.

"With administrators filtering executable attachments at the mail gateway and most e-mail clients preventing a user from opening an executable attachment, virus authors are constantly improvising to stay ahead in the game," wrote Thomas. "Social engineering -- the oldest trick in the book -- along with the fatal combination of human stupidity plus curiosity provides ample fodder for virus authors to lure new victims; the innumerable newbie users of the Internet being the low hanging fruit."

In this attack, which started in June, hackers are spamming out e-mail messages that lure people to click on links that take them to malicious Web pages. This time the e-mails purport to notify the user that someone has sent them an electronic greeting card, or e-card. It might have a subject line saying something like, "You've Received a Postcard from a Family Member." The body of the message says the user needs to click on the link to view the virtual greeting.

Lorna Hutcheson, a handler at the Internet Storm Center, wrote in a recent blog post that the malicious Web sites have an interesting JavaScript that appears to have multiple ways to exploit a browser in order to compromise a system. "If you haven't gotten one yet, just give it time," she said, noting how widespread the attacks have become.

U.S.-CERT also issued an advisory about the phony e-card attacks. Researchers there recommended that IT managers and users keep antivirus signature files up to date and block executable and unknown file types at the e-mail gateway. Users should also be frequently reminded not to open e-mails about e-cards unless they check to make sure that someone actually sent them one.

Comment  | 
Print  | 
More Insights
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Dec. 9, 2014
Apps will make or break the tablet as a work device, but don't shortchange critical factors related to hardware, security, peripherals, and integration.
Video
Slideshows
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of December 14, 2014. Be here for the show and for the incredible Friday Afternoon Conversation that runs beside the program.
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.