Network Security & Hardware - eWeek


Is the Smart Grid a Dumb Idea?
Surgical Adhesive Offers Smarter Way to Mend Bones
Get Smarter Technology on Your Mobile!
  Network Security & Hardware


Dancing Skeletons are Latest Storm Botnet Trick



 By: Lisa Vaas
2007-10-31
Article Rating:starstarstarstarstar / 2


There are 0 user comments on this Network Security & Hardware story.


Rate This Article:
Poor Best
Halloween-themed spamming is leading users to a dancing skeleton game that installs a Trojan and gains remote access to victims' PCs.

This Halloween, do not fall for Dancing Bones, "the most amazing dancing skeleton."

Spam advertising the Halloween-themed site is leading users to a dancing skeleton game that installs a Trojan, which gives crooks remote access to victims PCs.

Sophos and other security firms are warning that spam bearing the following subject headers is the latest incarnation of the ecard campaign, also known as the Storm worm botnet, which has been reinventing itself time and again in the malware scene since it first showed up in January:

Resource Library:

  • Happy Halloween
  • Dancing Bones
  • The most amazing dancing skeleton
  • Show this to the kids
  • Send this to your friends
  • Man this rocks

Sophos is reporting that the page serves malicious JavaScript (detected as Troj/JSXor-Gen) that attempts to trick users into downloading a number of infected files through a link to a "halloween.exe" file that the firm is detecting as Mal/Behav-146.

Furthermore, the sites authors have been working to improve the graphics. When Sophos most recently refreshed the site on Oct. 30, it rendered as a more attractive—and hence more convincing—image.

Why do we continue to click on spam? Click here to read more.

Researchers also note that the malware-serving site further tortures visitors by playing the song "Boom Boom Boom Boom! " from the Vengaboys. "The Russian Business Network [a Russian ISP thats notorious for hosting illegal or shadowy businesses] has shown that there is truly no limit to their depravity," said TrendLabs Robert McArdle in a posting.

Earlier in October, Sophos reported that spammers were distributing Halloween-related e-mails in an attempt to garner personal information from recipients. In those earlier spam e-mails, what Sophos called "painful" puns were used to lure targets into entering personal information in exchange for a $250 MasterCard gift card—a deal that "could raise the living dead," the spammers promised.

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.



  Reader Comments: Dancing Skeletons are Latest Storm Botnet Trick
>>> Be the FIRST to comment on this article!
 

 
 
>>> More Network Security & Hardware Articles          >>> More By Lisa Vaas
 


x}ks8q8c"#MɶkcY^K7SJE1ErIʶwro7%?2sTlFwh4~ 'I"ftcnQ?sOuޙ'w6{R(%GFgP+N-w5 E]0eNFNv@\}@^sFwD%x_'Щ=ѩ&€wɔiPل͙ؗ6}^~b .hѶ ⌳IlG tyG`aFNv@/T| pfL&;=aR!k4ً(qG/wɀYǽF {.Q^Z␌,GZUX'[vx1B#"Fτ]ͻHbPr&Nww#205IRZ"[ XdTj ӑc)u8r x08JeJ-jfL yf_%z(ww-ԆNY_:]>o Vs7-R#X@vIna>E4f™EQ udNxp*?[ڗu&u}Yf0R*CA-t?c;Szqsvz|qӹJAͼ94oo 3NE ;- ujvf5P:o43@_x0Fusn5r'@kiFkPYT`k6R\ 9lb v!fByP:&,)|YB* bԤrݢPP3>Χ˅B!"xN3ˌE !\J!}! g|8Jn.r?uKZfu՜Ӆ]We oY#LK\zcOguz~6LqJjpX.B2iKB0.pjjۛjRMG_)CR/JG-dj`qaeJݠcmnyw~NfEG|F s>k4N< EC!ɠڴb{\fS4!E&-Ѐ/qpy4ڭ-%_ >< FNj$ >6(Zχ`j˦Mf@B9{ǻޚA<QБ4|a qjQ?]*~hs-w= } wA,߃9#z[LKx GN }p (~9-R;C/1{bA2 EEKy3@ $h5az/mb$w$]KI+\fD8nOu$]8gڹLX.QY,p[/ ͙JRdYu Q="`&Qea*0pRx5Qn-`oJ#UWj& MX,CtH{<7-` [N@N50OiH\U}`9ޟx=Fn;A뎒:\f335{00q}c] kjwtӴyJ3ӆԧ$rTDhL˄r=6`\2'55K\:ıa漇dN'p6?>{@L\n|8$4<3_O#k[} e jJ=SsA|5i!3L&Ze nq^i:[@Lg˦zkfTؽ/ 7r@2Km*4F@0V_Xvo jQtW(&АT um:fXGJ]D!1~ha2(_OpSw{!{jaaC+EE.OLYZsXj::NXS]OT \|6*'||0ː ;uJkX"L U)=t%\42.|O V,'0{ gб3bea?k {eK\Hq6Ϯm V!2D+ه0`M EDN{6R^)#0iTWʅĤ_$I?րH{A2,exY΁5mIr 'jY$ Ei.2<87Qo>U< ıLb0qqغ7,:1Xe;;pM;~ 6AS-cfDL3$!O^'JBOքk&.}yTc DA#E . @. m!X`j D"*U `n*vVѱ(թ%6=@,.&Dtl?`"#>}ڧnssQ*Jw3 ROZV,֪15ǩV\=*)j7+|&9)R3Kuq'|m1/N_o>4FxPJo?C0t.tȕ`s|eLFմlxTa$Z`FnRm`n0LѽWK.(6{ v swq5`EY_͑F0f&P Lo P׊ ~e; ^,_]hD1(dyDF4@/=q8bk NM|8ڳ"ZJ qvsTy9kY%f+aEyݙizrujFYTy3is{9~ ޒO,gn;pi-uQby.Am /Ur-|SM:f2/cX_dU-'0dL4Ω,6 خiϼV&>e>c'}^ApaqgXo| wl>s7ѻMkls Kq3`93"豥mBt`#AAzEk-g}X#2␜ w*0΁MBPr 2=ct864W}6['^-a,0rn\☺n>2I*"Eeb 8)LUKj{[ 3/0ւBMAh|?|ѝxAcEi\xobʧb TuQR޴j CoED\N*9 ^  lZv@Kkpo= -2j>uRafK%2_vFܖ[J,]Aa u0 M\6%Q讻h]n Zf$s,*.i-e fF*͐[YQkuENIjVڳ$t` ۳<%8tpL\'eM=J皽1D= ϟݜ;sC`>Li;I@ r;qO+a>&5 pĵ) JA)ݣ,D$_d0JP-֫`W%ɠK= J;!(|{W !i*6ǷWXOdK!Oo%EDOCVngX&Պ 1M1y}Z+=J ПBQ`о(&w,ɪO@T #NEw%]n:CRT>Yr χxǀ5_AwyHDyy|Fkea+KxioRCR>"jTt[lb8K} LAIP 4p="ik#Ouzڹ|/]w᳋ `y B` 8ΥIw͏e[J:7]w9"!.:/YF^9hOM10vhRdQfJ}X#K#fWDH݀h!i3 N/Ns>V\zF_kɾ,8Aϐa6F4ZSk5/Q֭̚_f $`P8ǀzB:q_]>GG:KE5P^S QW2REhIA%Oz-x|-r/HUɉC^4}+ y*}y:}_exL+ǻB0Gg56IOwq@HE >_9/g`IB^o <%Ez7dj#N M5W"v=O[?G0 cl9aR)%bz& [viQ%uyjtJ)SBt 02H PU7,O$e=lI2 KBh%bbVHRoպܞ6<1ޥ]ƙBNmK$h dgKU 3 KqkP I"+ `->#+y5EY-.l*$'?v 81 4dkwD /'yVz7~(,dk.}?I/K턟ݖycOKSϑ%٘&BEW5ln$jYpJe_.ȔWN HXd1.P2vA Js[gȞx~K7b o|}& ~W*];PI9w뻿~=mҲ(r_ZDNpw5Q${qI%.x}?.K`\Tky^v} ,$>?G{o D:*p&޸,0eH˭^'\/_zҏOLv>Ov~{uUiըjQBKsuO`2@u[tɑKt7צ GyLaq-Mh/KQ/yu&fĬۍ>#^‰“\%;F'n*s9:-5ɄKY8nò@H` ,Oz9"1tҁR8ҷqn܊y/-D@tet`eČs/ b &[QL8MymXi겎C}(#x;أwe~ZNs}UaQa`w܋RۋjX*$tJƔJbs<6Dx|l!ń!`e͢^04=k. ej!z\TӏW/GppټA ~\#]Z,JHl' "#(ٍRLKb3& [e6CEŴR0%r^كwDuYZ7]`t83}`Js38,$R ?sIC'}|?L0$_JyR¢2嫡V6z$6y-7W⍛.83 ߖLoÉOn4J"KbH[dhfPoe⋳VW x_S_zO ]C'SїJRT  H Rq#D" ~[Tro^uPUz:{E3Q$wZj(- xz&s*,Fԓmh%:& 4Y+E(Am殰ï`/KHmssZ)ERO#e 9{ݗ> =\ KZ)*K,t"":` XT! f|-y1"?i;dgLe0& [7ʹFsKmRTV,JUL 4T[3OH#=ͧ6,nˆ״f1cc隊[˄L—Y|#k,M53Ԥc +d Mq! l~q~q~q~q~}gY)}z W{enXMO|쐴4kQ6q.fN+[LuL`u jee05&T}yfG4w%OJht45&:B\Ha< ״ֆ/=s!L& a bȶH~z=B%h4b>Үi=guS}#<ZqcWrA:>mbnDauĦ} aִ1q^ ːBA` .RsA-jŌ6M CS)IJl`גD풨]Җ"ZfGyΰGGKC!屧߽߽߽߽zgmyAӓ{r 'N &jR[s ]Ɏm1t`0@Ho YugQ! ng3RˣF!O: ax\8x+RX`G|>-0lnW}n`qé~%+ /fC?9\ q挤6+wi,0g>fnwC $}ظ$$.4hPk;"P[ .(sJq |#;*C|SWQOF6q䚏Vy}W:^tLg=3w;ڮ8ƭu59*5VNצKoV7/RJ5=uaYujۈYޣ3玮$zU2\jjN e85|6q=W?%_if#e։ 9V$0"*Θh֖4'P2=a֏D+op[@p/{X:C"t~P8Pk}-'Ӫ=D(XK|b>QiHጸ:-FR^)+f?a!^tIw'y{Dd:aD)2; G(opb䭽oĵd?6B~2gOHOaR͏L:'ηq "E o x8n K{{[߸$!] "bvȏ{"A/+=5t]ƅTxj#Z*t^q PVb!Mp#|IAw8PY TeQO^tyݸD*`w.%0-g'cWF؇Bj !/D7qaI{ŅC&sϘ$i9qmMMu&^/ ka &blRK!'p. I5ˋCAE! ;CAKfRl VP m.͂͢E tCc%5Sz~zz_ZbiE.c 2u5WHk̘xmm4vlNz yԥBMtE?TChRx#-F5נwmo~?)fF<@&Ldj=!v5c` oJ.қ≠D37:UhsÑٷ'7E-* ;,˗ݝD22n&~iX1x>H':t=jh D2ҤJ vZZ#X(+J Pc0uđZfG@.`@ 5r *kNbcBOK.kXGl7K1#jX0ok -q,6K&2Jta\lGN$(cX ~==]̒͂:8>- G+1[ w- r;〝QHAH+ET0޻K{YV^@96Yln S:s^aci7t 16)t|HI -gw$B_tyZ^Oa.=X^ `|oeZ`3+n{lˊRMȶ8.)J %N09l6a 8:Iߥ4 ?R)!_~u9`VǘMZ @GLm 71jzN۠{㱩1UL(QoB!1 \TcЭB)˪M;InP}wY?e=` ' 24/x߽[!ʃZ+=Jl~'#dM, y|U:i|%wEϢA"JtMx57+ Sx֐C7)*E-%=8hxqـjEl~E:td»46ȝ<"&s'ُpS;"ΐ௥oXV{+$νOg-<0-SWld""@ՈY_پi? ?:}ӿh>zxX2bw,9k'Cߑ7R*`9aJQwS}j}& 6$EuE)dW; wCGy– \v9Vֽ?#7L>-l \Zs4c1z}_ƈ\faD9p=SѨ-1Șh MQ HxDirtv4!"L 6@@P0H7317>IT,) 00mݚ1;m?|>aD\11Fiŷ~(l;b21c|>O`__ H"bT/A3 "PV: 9C(~bJ ͍$u~+VK X`k,2E<ezY<6swe~qt6O5KqfldaQZ(G71<` ?8&غ9PL5m^hkLJy22 gn)sC9,jO6W#\]dqxixɎ(ah,.6q̀O3xRv}YQJNa21S:=nj6Z[AgN|vuI:|jQ=ZuR\js@1@C|o_Ow5Cx_m];^dAoP~(Ay/9}hp(?g@ Pqsy'vntn]͂fз fЧ w3v3 O /?As(?(- ݌rˌ̐KˌA{e^~+x*k  ? l.1>ArS~~2w7Y7{dwɹN2!(oeY No\8\8_YWAa uyQ^ }V)@yJ ,c2\)g{9;[?[uNzu CFWT=k */dm4h8VӮ ۸/6 h}1Ɨ^ZG%/ޤiv3y`ć^Tk6:5DQ3[ LjC?oĵ#O3mC// >O>^wkҾl] Z=5쓥->gA7gn"B8#`1zI\0vZ{h~34]Oo4pGsn ?Mgf uɹT)jIoR-W+俒k$2^dz@tDQe jro9 Z)˥*D`q9#Tx|Demګ.91C=b{hǬ[ɖP=^?&G'&ޔl |^1 {7/tj^"_v3&mc(2bb{ˈT`T|Jx obq9^O|y6%bn# /#=2gjy }dy0\9+hw]V=ȾwF=Ch_Lx uY/޺}hd9Mk+cP<Pf7I]Id b0O|e'0O2#0' MĮkfAj3´B sM> a0'VbgHAأ_BDOv&n0\ɡ[wYl@O 0Wd]f A_f|bOh޳Zo/TùLHd v"ѱ0plPFCv#߰ >)#,|H𵝦^犱̀Zԝ:6Zd;\ZJ>%v jTzJqm$!3qps4F {:Z/5*L ALH\>oz^{hdtΖb'/Qq1^R”s]qw=4OJm{X|@ăx!$k/<~tϊXl=$~5|t,CgcS% #^Π&b_wsԶeEQ&PLŽ)JqiХŠ_[=$sDs݅ ߠ^+yJ>? T|- 5O\B`t9լ`*sˠv3.JOeuMc(ŬBCd=)O?'[nEG\<>aiЀ :SA\W (|x@NlMkm-jL_ԕu`g#~"3V[œA6h4_@&s`܈}olI #Ox Cr:Y W96(5-  `⎈mee֘9DR*,E&f , ~sf㿝9QK .9Buz Ϸ;<v7s#k_2ҳe>vį-ǬyvJ^St 7tlmb @J\N >D7#D*| X^c 0У,:08utvKѺ v7"aa^n1n,ـ9&@ s=c:p3z7  ШpKTUDls^kgycE]E>*;Ѝ ϰ1igNb cgb@x=f_qxN|L/Xqxuz!}őYX&7ę /O C7Ѱ0 L{,luEG%RrNCa 0F :h2 19.f@xI1%h3l䣈mAb?iʱL}aG?q,EGJ^bd'KWܱ0^5FElT$bB}Ay,O>hA@`V\3zf7tZЮsq7MCga+cPXjcL1G\,@=փ W{څGSy6:|,݈bVQtȮ'Z:tsh{h۟XsTHهl*~&&,{+нT~xFK-^ χ"@Ԃ+"e})IDy)/ρ/($3}E.tqeaVt*N핋  <]VsTO34[;?;o;ˌhT*.㉋oڝ5'u Fɇ׽RXBYZP$Di; AHcZɊxY޿a(XECh⍿c0145]h(jE&I#;ov[b$- U.IPvᷮ g۲M) d.%rR⚫W+EiQm&' CfZ܄;66BKFslx61ͽ= )