Ghosts, goblins and Storm Worm on Halloween

The Storm Worm, dormant for several weeks, made a ghoulish return today when it began attempting to seed computers with a trojan executable disguised as a dancing skeleton.

Experts had predicted this new run of Halloween spam, since Storm Worm campaigns typically occur during major national holidays, when social engineering techniques are most effective. The trojan first appeared in January, posing as real news stories about a major European wind storm.

"This is an exploit that's been around all year long," Glen Myers, sales engineer for anti-spam provider Marshal, told SCMagazineUS.com today. "They're repackaging it and coming up with new techniques."

In this case, emails arrive with subjects such as "For people with a sense of humor only" or "Party on this Halloween," according to Marshal. Following the link contained in the message directs victims to a website where a malicious executable promises a dancing skeleton. But if users click, a trojan attempts to download.

"The first thing the trojan does is join you to a [bot] network and makes you a zombie," Myers said. "Your computer is…used to send out spam."

Two weeks ago, Storm Worm-infected computers were used to launch 15 million spam messages containing MP3 attachments that attempted to persuade recipients to purchase the stock of Exit Only Inc., a Canadian company that connects car buyers and sellers through text messages, MessageLabs said Tuesday.

Email users, meanwhile, should be expecting another spam run around Thanksgiving similar to today's campaign. The last major Storm Worm seeding came in early September when malware-infested emails began circulating that claimed to offer an NFL scoreboard application.

"The bottom line is, if you don't know who it's from, don't click on it," Steve Scheinbaum, vice president of Americas for Marshal, told SCMagazineUS.com.
