Another holiday, another run of the Storm Worm.
McAfee has a good write-up on the incident.
Researchers from the security company said that over the weekend, new versions of the notorious trojan began spreading in the form of a Labor Day-themed greeting card email. Unsuspecting laborers who clicked on the link – and whose systems were not patched – were greeted not with well wishes but a slew of exploits.
The attack hoped to take advantage of a previously patched Microsoft vulnerability. But that’s not the bad news because, if you’re even somewhat of a security savvy end-user, chances are your PC is up to date with the latest Redmond patches.
The problem is that the storm worm also tries to exploit third-party vulnerabilities, like WinZip and QuickTime buffer overflows.
I don’t know about you, but I don’t think I’m fully upgraded to the latest applications on my machine.
The main takeaway? The storm worm is not going anywhere. And with the holiday season coming up, attackers are on course to only continue to power their botnets with more compromised computers.
One can bet that the attackers’ tactics to infect users are only going to grow more sophisticated. But, for the immediate future at least, users control their own destiny.
No click, no infection.