Storm Worm - Christmas and New Years e-card dangers - Security Protection

Common Tasks

Community

Email Notifications

Personal Links

Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Storm Worm - Christmas and New Years e-card dangers

Storm A new version of the Storm Worm is circulating and it invites folks to visit websites that contain malicious agents that can infect your PC. Always avoid suspicious and unexpected email, and please do not follow any of these links. The Storm Worm is one of the most advanced malware attacks circulating and may be difficult to detect or clean from your system.

Lightning New Storm Worm - New Years Theme
http://isc.sans.org/diary.html?storyid=3784
http://www.avertlabs.com/research/blog/index.php/2007/12/25/and-a-happy-nuwar/
http://www.f-secure.com/weblog/archives/00001350.html
http://blog.trendmicro.com/holidays-proving-stormy/
http://holisticinfosec.blogspot.com/2007/12/new-years-storm-deja-vu.html

QUOTE: This version is a New Years-themed e-card directing victims to a malicious website with malware behind it. The message comes in with a number of subjects and body-text. The one line message bodies are also being used as the subject lines.

Below are examples of email subject lines seen so far:

A fresh new year
As the new year...
As you embrace another new year
Blasting new year
Happy 2008!
Happy New Year!
It's the new Year
Joyous new year
New Hope and New Beginnings
New Year Ecard
New Year Postcard
Opportunities for the new year
Wishes for the new year
Happy New Year to You!
Happy New Year to <email address>
Lots of greetings on the new year
New Year wishes for You

There is also a Christmas e-card version that started circulating on Christmas Eve:

Lightning New Storm Worm - Christmas Theme
http://www.f-secure.com/weblog/archives/00001349.html
http://blog.trendmicro.com/here-comes-storm-again/
http://www.avertlabs.com/research/blog/index.php/2007/12/24/merry-christmas-nuwar-style/
http://www.symantec.com/enterprise/security_response/weblog/2007/12/is_thatreally_you_santa.html

QUOTE: It turns out that the Storm gang was going to do a Christmas Malware run after all, they just decided to start it surprisingly late - on Christmas eve itself! This site contains a new version of the Storm Worm. The IP address of the site changes every second. Don't be naughty and go wondering to that domain. Please do not click on the "Download For Free Now" button as it will get you infected. Merry Christmas, y'all!

Posted: Dec 26 2007, 01:09 PM by Harry Waldron | with 3 comment(s)

Comments

julea said:

not to be confused with real good ecards...smilebox is a great program.

# December 29, 2007 1:04 PM

Harry Waldron - My IT Forums Blog said:

This new 2008 version of the Storm Worm has improvements in the technical designs as well New and Improved

# December 31, 2007 10:43 AM

Harry Waldron - Microsoft MVP Blog said: