Ghosts, goblins and Storm Worm on Halloween

The Storm Worm, dormant for several weeks, made a ghoulish return today when it began attempting to seed computers with a trojan executable disguised as a dancing skeleton.

Experts had predicted this new run of Halloween spam, because Storm Worm campaigns typically coincide with major national holidays, when social engineering lures are most effective. The trojan first appeared in January, posing as genuine news stories about a major European wind storm.

"This is an exploit that's been around all year long," Glen Myers, sales engineer for anti-spam provider Marshal, told SCMagazineUS.com today. "They're repackaging it and coming up with new techniques."

In this case, emails arrive with subjects such as "For people with a sense of humor only" or "Party on this Halloween," according to Marshal. The link in the message leads victims to a website offering a "dancing skeleton" download, which is in fact a malicious executable; if users click it, a trojan attempts to download.

"The first thing the trojan does is join you to a [bot] network and makes you a zombie," Myers said. "Your computer is…used to send out spam."

Two weeks ago, Storm Worm-infected computers were used to launch 15 million spam messages containing MP3 attachments that attempted to persuade recipients to purchase the stock of Exit Only Inc., a Canadian company that connects car buyers and sellers through text messages, MessageLabs said Tuesday.

Email users, meanwhile, should expect another spam run around Thanksgiving similar to today's campaign. The last major Storm Worm seeding came in early September, when malware-laden emails began circulating that claimed to offer an NFL scoreboard application.

"The bottom line is, if you don't know who it's from, don't click on it," Steve Scheinbaum, vice president of Americas for Marshal, told SCMagazineUS.com.
