Ghosts, goblins and Storm Worm on Halloween

The Storm Worm, dormant for several weeks, made a ghoulish return today when it began attempting to seed computers with a trojan executable disguised as a dancing skeleton.

Experts had predicted this new run of Halloween spam, since Storm Worm campaigns typically occur during major national holidays, when social engineering techniques are most effective. The trojan first appeared in January, posing as real news stories about a major European wind storm.

"This is an exploit that's been around all year long," Glen Myers, sales engineer for anti-spam provider Marshal, told SCMagazineUS.com today. "They're repackaging it and coming up with new techniques."

In this case, emails arrive with subjects such as "For people with a sense of humor only" or "Party on this Halloween," according to Marshal. Following the link contained in the message directs victims to a website where a malicious executable promises a dancing skeleton. But if users click, a trojan attempts to download.

"The first thing the trojan does is join you to a [bot] network and makes you a zombie," Myers said. "Your computer is…used to send out spam."

Two weeks ago, Storm Worm-infected computers were used to launch 15 million spam messages containing MP3 attachments that attempted to persuade recipients to purchase the stock of Exit Only Inc., a Canadian company that connects car buyers and sellers through text messages, MessageLabs said Tuesday.

Email users, meanwhile, should be expecting another spam run around Thanksgiving similar to today's campaign. The last major Storm Worm seeding came in early September when malware-infested emails began circulating that claimed to offer an NFL scoreboard application.

"The bottom line is, if you don't know who it's from, don't click on it," Steve Scheinbaum, vice president of Americas for Marshal, told SCMagazineUS.com.
