Ghosts, goblins and Storm Worm on Halloween

The Storm Worm, dormant for several weeks, made a ghoulish return today when it began attempting to seed computers with a trojan executable disguised as a dancing skeleton.

Experts had predicted this new run of Halloween spam, considering Storm Worm campaigns typically occur during major national holidays, when social engineering techniques are most effective. The trojan first appeared in January, claiming to be real news stories about a major European wind storm.

"This is an exploit that's been around all year long," Glen Myers, sales engineer for anti-spam provider Marshal, told SCMagazineUS.com today. "They're repackaging it and coming up with new techniques."

In this case, emails arrive with subjects such as "For people with a sense of humor only" or "Party on this Halloween," according to Marshal. Following the link contained in the message directs victims to a website where a malicious executable promises a dancing skeleton. But if users click, a trojan attempts to download.

"The first thing the trojan does is join you to a [bot] network and makes you a zombie," Myers said. "Your computer is…used to send out spam."

Two weeks ago, Storm Worm-infected computers were used to launch 15 million spam messages containing MP3 attachments that attempted to persuade recipients to purchase the stock of Exit Only Inc., a Canadian company that connects car buyers and sellers through text messages, MessageLabs said Tuesday.

Email users, meanwhile, should be expecting another spam run around Thanksgiving similar to today's campaign. The last major Storm Worm seeding came in early September when malware-infested emails began circulating that claimed to offer an NFL scoreboard application.

"The bottom line is, if you don't know who it's from, don't click on it," Steve Scheinbaum, vice president of Americas for Marshal, told SCMagazineUS.com.
