Storm Trojan dupes users with Halloween jig

The latest holiday-inspired spam by the botnet-building malware in progress

The Storm Trojan is flooding e-mail in-boxes with a Halloween spam blitz, security companies said Thursday. This is just the latest example of the bot-building malware's knack of capitalizing on current events to dupe people into infecting their PCs.

The newest campaign arrives in messages with subject heads such as "Dancing Bones" and "The most amazing dancing skeleton," said Abingdon, England-based Sophos PLC in an alert posted on its site. The messages include a link to a malicious URL posing as a Halloween-themed site; once there, users can click on a file, "halloween.exe," which purports to be a dancing skeleton game, but which actually fires up Storm in the background.

Visitors running unpatched machines can also be hit by Storm after a multistrike exploit package pings the PC for vulnerabilities and, if it finds one, compromises the computer and as the slips in Storm.

"This is just the latest incarnation of the poisoned e-card attack, also known as Storm, which has dominated the malware scene for months," Graham Cluley, a Sophos consultant, said in a statement. "The gang responsible are experts at choosing topical disguises or crafting alluring e-mails."

Storm's makers have relied on current events and holidays since the Trojan first appeared in January as an attachment to a message broadcasting news of that month's major windstorm in Europe. Since then, Storm has piggybacked on messages hyping everything from the Fourth of July to Labor Day.

The malware has become famous in security circles for its use of social engineering tricks. More than two months ago, Symantec researcher Hon Lau acknowledged the hackers' ability to craft tempting messages. "They have a knack for latching on to the latest newsworthy events and capitalizing on the public interest in them," Hon said then. "And if no newsworthy events are happening at the time, then they will just make them up."

All of Storm's energies are devoted to hijacking PCs so it can use them as bots in a network, or botnet, of hacked machines. Recently, researchers have reported that the Storm botnet may be splitting up into smaller segments, perhaps in preparation for sale to others who could use them for spamming or other schemes.

Most antivirus products have signature definitions in place that detect and delete the Storm Trojan used in the Halloween attack, according to London-based Heise Security.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Gregg Keizer

Computerworld

Comments

Comments are now closed.

Latest News Articles

Most Popular Articles

Follow Us

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Resources

Best Deals on GoodGearGuide

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?