Security Watch

Keeping Track of patches and hacks in the IT security world.

'Storm Worm' Launches Christmas, New Year's Attack

After a brief lull, the "Storm Worm" malware attacks returned with a bang this holiday season, using electronic greeting card lures to build and replenish one of the most notorious spam botnets.

The latest social engineering attacks began just before Christmas Day with a large spam run using a malicious link embedded in e-mail messages.

A Windows user clicking on the link was being redirected to a "Mrs Clause" Web site (see screenshot from Trend Micro) that was loaded with malware exploits.


According to Arbor Networks researcher Jose Nazario, the attackers are using fast-flux techniques to hide the malicious sites and avoid takedown by law enforcement officials.

Immediately after Christmas Day, the attackers switched the lures to target the New Year's holiday -- spamming malicious executables in "Happy New Year" e-greeting cards. Here's a sample list of the subject lines being used.

The US-CERT (United States Computer Emergency Response Team) has issued an alert to warn of the latest "Storm Worm" attacks.

"This Trojan is spread via an unsolicited e-mail message that contains a link to a malicious Web site. When the malicious link is followed, the Trojan may attempt to exploit an unpatched vulnerability or continue to rely on social engineering to download and install the file on the user's system."

To migitate the risks, US-CERT recommends:

"Install anti-virus software, and keep its virus signature files up-to-date.Block executable and unknown file types at the e-mail gateway.Refer to the Recognizing and Avoiding E-mail Scams document (.pdf) for more information on avoiding e-mail scams.Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks."