No foolin', say researchers -- Storm attack under way
New spam run touts April Fools' Day but delivers bot Trojan horse instead
Computerworld - A new campaign by the Storm Trojan horse began on Monday, as spam posing as April Fools' Day messages flooded in-boxes, several security companies said.
According to analysts at F-Secure Corp., the SANS Institute's Internet Storm Center (ISC), Symantec Corp. and others, spam bearing a wide range of April Fools' Day subjects started showing up Monday. Among the subject headings, said ISC researcher Stephen Hall in a post to the group's blog, were "All Fools' Day," "Doh! April Fool" and "Surprise! The joke's on you."
The messages carried no text; only a link to an April Fools'-themed URL that in turn tried to download or convince users to download an executable with filenames such as "foolsday.exe" and "kickme.exe." These executables were, in fact, the Storm Trojan horse, which is identified by some security vendors as Dorf, Nuwar or Peacomm.
Storm's creators have a history of using holidays to spread their malware, which is designed to add infected Windows PCs to a botnet that can be used for additional spam blasts or for launching denial-of-service attacks. The last major Storm run was in the weeks leading up to Valentine's Day, for example.
Several security firms posted the image that appears when a user clicks on the link within the Storm spam mail, including McAfee Inc. The image is accompanied by text that reads "Your download will start in 5 seconds. If your download does not start, click here and then press 'Run.'"
"If you wait those five seconds, it'll try to download file funny.exe to your computer," said analyst Dmitry Gryaznov on McAfee's blog. "If you click on the image, it's kickme.exe. And if you click on 'click here,' it's foolsday.exe. All of them are nothing but a new Nuwar [Storm] variant."
Another researcher, Robert McArdle at Trend Micro Inc., pointed out that the malware authors didn't even bother to come up with an original image but instead grabbed one off the Web. "Too lazy to actually create their own image to represent the holiday, the group simply Googled 'April Fools' and used the first image that showed up," said McArdle on the TrendLabs blog.
Storm has been linked by some researchers to the notorious Russian Business Network (RBN) malware-hosting organization, and at times, Storm-related messages have produced significant spikes in spam volume.
Read more about Security in Computerworld's Security Topic Center.
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts