Posted by Virus Bulletin on Oct 31, 2007
Tricks not treats as skeleton game emails link to attack.
The 'Storm' attack has once again taken advantage of a popular cultural occasion to spam out the latest wave of links to fake online games, which hide new variants of trojans designed to hijack systems and add them to a global zombie network.
Previous dates targeted by the criminals behind the attack include Valentine's Day and the Fourth of July, with news events, birthdays and other topics used in between to keep the ever-evolving attack hitting new vulnerable systems. After initial waves of spams hyping news stories, ecards became the major hook for the mails before offers of free fun and games on the web took centre stage.
The attack, variously dubbed 'Nuwar', 'Zhelatin', 'Dorf', 'Peed' etc., but commonly known as Storm, infects vulnerable systems using exploits for common browser flaws, and has been regularly updated throughout the year, with new functionality added to each wave. The botnet bult up by infected systems has been used for spamming and for DDoS attacks, including on researchers trying to analyse the attack's behaviour and sources.
More information, and screenshots of the latest wave, can be found at F-Secure (here), Sophos (here), Trend Micro (here) or WebSense (here).
A report on the evolution of the Storm worm will be included in the November issue of Virus Bulletin (publication date 1 November). Click here for details of how to subscribe.
Posted on 31 October 2007 by Virus Bulletin