0 Replies Latest reply on Dec 26, 2007 7:40 AM by HarryWaldron

    Storm Worm - Christmas and New Years e-card dangers

      A new version of the Storm Worm is circulating and it invites folks to visit websites that contain malicious agents that can infect your PC. Always avoid suspicious and unexpected email, and please do not follow any of these links. The Storm Worm is one of the most advanced malware attacks circulating and may be difficult to detect or clean from your system.

      New Storm Worm - New Years Theme
      http://isc.sans.org/diary.html?storyid=3784
      http://www.avertlabs.com/research/blog/index.php/2007/12/25/and-a-happy-nuwar/
      http://www.f-secure.com/weblog/archives/00001350.html
      http://blog.trendmicro.com/holidays-proving-stormy/
      http://holisticinfosec.blogspot.com/2007/12/new-years-storm-deja-vu.html

      QUOTE: This version is a New Years-themed e-card directing victims to a malicious website with malware behind it. The message comes in with a number of subjects and body-text. The one line message bodies are also being used as the subject lines.

      Below are examples of email subject lines seen so far:

      A fresh new year
      As the new year...
      As you embrace another new year
      Blasting new year
      Happy 2008!
      Happy New Year!
      It's the new Year
      Joyous new year
      New Hope and New Beginnings
      New Year Ecard
      New Year Postcard
      Opportunities for the new year
      Wishes for the new year
      Happy New Year to You!
      Happy New Year to <email address>
      Lots of greetings on the new year
      New Year wishes for You


      There is also a Christmas e-card version that started circulating on Christmas Eve:

      New Storm Worm - Christmas Theme
      http://www.f-secure.com/weblog/archives/00001349.html
      http://blog.trendmicro.com/here-comes-storm-again/
      http://www.avertlabs.com/research/blog/index.php/2007/12/24/merry-christmas-nuwa r-style/
      http://www.symantec.com/enterprise/security_response/weblog/2007/12/is_thatreall y_you_santa.html

      QUOTE: It turns out that the Storm gang was going to do a Christmas Malware run after all, they just decided to start it surprisingly late - on Christmas eve itself! This site contains a new version of the Storm Worm. The IP address of the site changes every second. Don't be naughty and go wondering to that domain. Please do not click on the "Download For Free Now" button as it will get you infected. Merry Christmas, y'all!