Ghosts, goblins and Storm Worm on Halloween

The Storm Worm, dormant for several weeks, made a ghoulish return today when it began attempting to seed computers with a trojan executable disguised as a dancing skeleton.

Experts had predicted this new run of Halloween spam, since Storm Worm campaigns typically occur during major national holidays, when social engineering techniques are most effective. The trojan first appeared in January, posing as real news stories about a major European wind storm.

"This is an exploit that's been around all year long," Glen Myers, sales engineer for anti-spam provider Marshal, told SCMagazineUS.com today. "They're repackaging it and coming up with new techniques."

In this case, emails arrive with subjects such as "For people with a sense of humor only" or "Party on this Halloween," according to Marshal. Following the link contained in the message directs victims to a website where a malicious executable promises a dancing skeleton. But if users click, a trojan attempts to download.

"The first thing the trojan does is join you to a [bot] network and makes you a zombie," Myers said. "Your computer is…used to send out spam."

Two weeks ago, Storm Worm-infected computers were used to launch 15 million spam messages containing MP3 attachments that attempted to persuade recipients to purchase the stock of Exit Only Inc., a Canadian company that connects car buyers and sellers through text messages, MessageLabs said Tuesday.

Email users, meanwhile, should be expecting another spam run around Thanksgiving similar to today's campaign. The last major Storm Worm seeding came in early September when malware-infested emails began circulating that claimed to offer an NFL scoreboard application.

"The bottom line is, if you don't know who it's from, don't click on it," Steve Scheinbaum, vice president of Americas for Marshal, told SCMagazineUS.com.
