Storm Worm - Will A New Holiday Version Surface?


#1 harrywaldron


    Security Reporter


Posted 05 December 2007 - 08:46 AM

The Storm worm uses innovation both technically and in social engineering tactics. Security researchers anticipate new e-card versions could surface during the holiday season. F-Secure is already reporting two Christmas e-cards that link to malicious sites. They appear to be similar to previous Storm worm attacks in format.

When clicking on these malicious web sites, spyware and viruses can be automatically installed without the user's knowledge if the browser is vulnerable to exploits used in these attacks. Folks should always exercise caution in email, IM, and website usage.

GNC news - Is a holiday Storm brewing?

QUOTE: Hanukkah begins this evening at sundown, and with the arrival of a new holiday season comes a reminder that not all e-greeting cards may contain best wishes. Researchers at MX Logic’s Threat Operation Center warn of a possible outbreak of new variants of the venerable Storm Worm.

“The Storm Worm developers notoriously release variants around holidays that prey on people’s vulnerabilities to open festive greeting cards,” said Sam Masiello, director of threat management at Denver-based MX Logic. “We consider the Storm Worm variants that hit on the Fourth of July and Halloween as a precursor for another variant this holiday season.”

“Internet users should be cautious of opening e-mails that appear to be sent directly from greeting card companies such as Hallmark,” Masiello said. “Legitimate greeting card companies offer ways to open e-cards other than clicking an e-mail link. These include a confirmation code within the message. Users should copy and paste these codes directly on the e-card Web site.”

So have a Happy Hanukkah, a Merry Christmas and a Happy New Year, but think twice before clicking on that link.

Some current examples of e-card based malware as noted by AV security firms:

F-Secure - Merry Christmas e-card version #1

QUOTE: It's December, and we've already seen the first malware runs using fake Christmas Cards as the lure. In reality, it's a Zapchast mIRC-based backdoor.

F-Secure - Merry Christmas e-card version #1

QUOTE: We've just seen another fake Christmas card malware run. The site prompts the user to download malicious macromedia-flashplayerupdate.exe. We detect this file as an Agent variant. It collects various types of information from the infected machine and sends it back to the malware author via a website.

Trend - Season’s eGreetings from Spammers

QUOTE: Spammers would like recipients to believe that these eCards come from a legitimate sender; the From line, which is spoofed, is displaying the name of a reputable company. Interestingly, the mail body bears the phrase “no worm, no virus” to falsely allay users’ fears of infection. But of course, since spammers are not exactly purveyors of truth, users do get infected.

Symantec - Xmas eCard Spam - Malicious Downloader

QUOTE: These eCards are purportedly sent from a legitimate source and try to lure the victim to click on the link to view the eCards, which have underlying tricks to try and infect the computer. With the Xmas bells starting to ring, here is the first incidence where Xmas ecards have started doing the rounds. The URL included in the eCards attempts to download "sos385.tmp" file, which is a downloader.
