Storm spams promise spooky Halloween

Posted by Virus Bulletin on Oct 31, 2007

Tricks not treats as skeleton game emails link to attack.

The 'Storm' attack has once again taken advantage of a popular cultural occasion to spam out the latest wave of links to fake online games, which hide new variants of trojans designed to hijack systems and add them to a global zombie network.

Previous dates targeted by the criminals behind the attack include Valentine's Day and the Fourth of July, with news events, birthdays and other topics used in between to keep the ever-evolving attack hitting new vulnerable systems. After initial waves of spams hyping news stories, ecards became the major hook for the mails before offers of free fun and games on the web took centre stage.

The attack, variously dubbed 'Nuwar', 'Zhelatin', 'Dorf', 'Peed' etc., but commonly known as Storm, infects vulnerable systems using exploits for common browser flaws, and has been regularly updated throughout the year, with new functionality added to each wave. The botnet built up from infected systems has been used for spamming and for DDoS attacks, including on researchers trying to analyse the attack's behaviour and sources.

More information, and screenshots of the latest wave, can be found at F-Secure (here), Sophos (here), Trend Micro (here) or WebSense (here).

A report on the evolution of the Storm worm will be included in the November issue of Virus Bulletin (publication date 1 November). Click here for details of how to subscribe.
