resource center
  See your link here
|
Computerworld - A new campaign by the Storm Trojan horse began on Monday, as spam posing as April Fools' Day messages flooded in-boxes, several security companies said.
According to analysts at F-Secure Corp., the SANS Institute's Internet Storm Center (ISC), Symantec Corp. and others, spam bearing a wide range of April Fools' Day subjects started showing up Monday. Among the subject headings, said ISC researcher Stephen Hall in a post to the group's blog, were "All Fools' Day," "Doh! April Fool" and "Surprise! The joke's on you."
The messages carried no text; only a link to an April Fools'-themed URL that in turn tried to download or convince users to download an executable with filenames such as "foolsday.exe" and "kickme.exe." These executables were, in fact, the Storm Trojan horse, which is identified by some security vendors as Dorf, Nuwar or Peacomm.
Storm's creators have a history of using holidays to spread their malware, which is designed to add infected Windows PCs to a botnet that can be used for additional spam blasts or for launching denial-of-service attacks. The last major Storm run was in the weeks leading up to Valentine's Day, for example.
Several security firms posted the image that appears when a user clicks on the link within the Storm spam mail, including McAfee Inc. The image is accompanied by text that reads "Your download will start in 5 seconds. If your download does not start, click here and then press 'Run.'"
"If you wait those five seconds, it'll try to download file funny.exe to your computer," said analyst Dmitry Gryaznov on McAfee's blog. "If you click on the image, it's kickme.exe. And if you click on 'click here,' it's foolsday.exe. All of them are nothing but a new Nuwar [Storm] variant."
Another researcher, Robert McArdle at Trend Micro Inc., pointed out that the malware authors didn't even bother to come up with an original image but instead grabbed one off the Web. "Too lazy to actually create their own image to represent the holiday, the group simply Googled 'April Fools' and used the first image that showed up," said McArdle on the TrendLabs blog.
Storm has been linked by some researchers to the notorious Russian Business Network (RBN) malware-hosting organization, and at times, Storm-related messages have produced significant spikes in spam volume.
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
Sign up to receive updates on the latest Security resources
CIO
Computerworld
CSO
DEMO
GamePro
Games.net
IDC
IDG
IDG Connect
IDG Knowledge Hub
IDG TechNetwork
IDG Ventures
IDG.net
InfoWorld
ITwhitepapers
ITworld
JavaWorld
LinuxWorld
Macworld
Network World
PC World
The Industry Standard
Copyright © 1994 - 2009 Computerworld Inc. All
rights reserved. Reproduction in whole or in part in any form or medium
without express written permission ofComputerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc. |
