0 Replies Latest reply on Dec 6, 2007 3:38 PM by HarryWaldron

    Storm Worm - Will a New Holiday version surface?

      The storm worm uses innovation both technically and in social engineering tactics. Security researchers anticipate new e-card versions could surface during the holiday season. F-Secure is already reporting two Christmas e-cards that link to malicious sites. They appear to be similar to previous Storm worm attacks in format.

      When clicking on these malicious web sites, spyware and viruses can be automatically installed without the user's knowledge if the browser is vulnerable to exploits used in these attacks. Folks should always exercise caution in email, IM, and website usage.

      GNC news - Is a holiday Storm brewing?
      http://www.gcn.com/online/vol1_no1/45492-1.html

      QUOTE: Hanukkah begins this evening at sundown, and with the arrival of a new holiday season comes a reminder that not all e-greeting cards may contain best wishes. Researchers at MX Logic’s Threat Operation Center warn of a possible outbreak of new variants of the venerable Storm Worm.

      The Storm Worm developers notoriously release variants around holidays that prey on people’s vulnerabilities to open festive greeting cards,” said Sam Masiello, director of threat management at Denver-based MX Logic. “We consider the Storm Worm variants that hit on the Fourth of July and Halloween as a precursor for another variant this holiday season.”

      Internet users should be cautious of opening e-mails that appear to be sent directly from greeting card companies such as Hallmark,” Masiello said. “Legitimate greeting card companies offer ways to open e-cards other than clicking an e-mail link. These include a confirmation code within the message. Users should copy and paste these codes directly on the e-card Web site.

      So have a Happy Hanukkah, a Merry Christmas and a Happy New Year, but think twice before clicking on that link


      Some current examples of e-card based malware as noted by AV security firms

      F-Secure - Merry Christmas e-card version #1
      http://www.f-secure.com/weblog/archives/00001327.html

      QUOTE: It's December, and we've already seen the first malware runs using fake Christmas Cards as the lure. In reality, it's a Zapchast mIRC-based backdoor.

      F-Secure - Merry Christmas e-card version #1
      http://www.f-secure.com/weblog/archives/00001330.html

      QUOTE: We've just seen another fake Christmas card malware run. The site prompts the user to download malicious macromedia-flashplayerupdate.exe. We detect this file as an Agent variant. It collects various types of information from the infected machine and sends it back to the malware author via a website.

      Trend - Season’s eGreetings from Spammers
      http://blog.trendmicro.com/seasons-egreetings-from-spammers/

      QUOTE: Spammers would like recipients to believe that these eCards come from a legitimate sender; the From line, which is spoofed, is displaying the name of a reputable company. Interestingly, the mail body bears the phrase “no worm, no virus” to falsely allay users’ fears of infection. But of course, since spammers are not exactly purveyors of truth, users do get infected.

      Symantec - Xmas eCard Spam - Malicious Downloader
      http://www.symantec.com/enterprise/security_response/weblog/2007/12/xmas_ecard_s pam_downloading_ma.html

      QUOTE: These eCards are purportedly sent from a legitimate source and try to lure the victim to click on the link to view the eCards, which have underlying tricks to try and infect the computer. With the Xmas bells starting to ring, here is the first incidence where Xmas ecards have started doing the rounds. The URL included in the eCards attempts to download "sos385.tmp" file, which is a downloader.