'Storm' Trojan horse may turn to hyping Hurricane Dean

The 8-month old Storm Trojan horse may soon come full circle and take up touting Hurricane Dean, the Category 5 storm that slammed into Mexico Tuesday, security researchers said.

Other stories on this topic
Beware of bot herders 3/20/2007
Report says identity thieves working hand in hand with 'bot herders' 3/19/2007
'Storm Trojan' ignites worm war 2/14/2007
Powered by Inform
RSS feed

Storm, also known as Peacomm, started life in January as malware attached to messages that shilled fake news accounts of a massive series of wind storms that struck Europe. One of the first Storm-bearing messages dangled the subject head "230 dead as storm batters Europe" to tempt users into launching the file. Recipients who clicked on the attached executable were infected by the Trojan horse, which turned their systems into spam-spewing zombies.

New! Watch this Network World Webcast - Security Information Management Solutions: Beyond Threat Management

Symantec researchers are betting that the malware's makers will try the same trick with Dean.

"We expect it to again come on the back of big news items," said Alfred Huger, vice president of engineering at Symantec's security response group.

Huger's prediction is based on analysis done by Hon Lau, a senior security response manager at Symantec. Hon's take, spelled out in a posting to Symantec's blog Tuesday, is that Storm's creators are, if nothing else, very adept at crafting socially engineered messages persuasive enough or tempting enough to get people to launch files or click on links.

"In particular, they have a knack for latching on to the latest newsworthy events and capitalizing on the public interest in them," Hon said. "And if no newsworthy events are happening at the time, then they will just make them up."

Although Storm, which Symantec calls Peacomm, is currently being spread by a different campaign inviting users to join various "clubs," ranging from cell phone ring-tone and photo groups to wine-tasting and cooking clubs, Hon expects to see Dean-related messaging soon. "As Dean lash[es] the areas around the Gulf of Mexico, don't be surprised to get e-mails about damage or death caused in its wake," he said.

"[Storm's makers] tend to try to take advantage of the newest news," agreed Huger, who also explained the likely motive. "I expect that they have a better take-up rate when they use news." But other than their social engineering skills, Storm's creators haven't impressed him much, even though others have fingered the malware as the basis for building large botnets that have unleashed record levels of spam, especially pump-and-dump, stock-scam junk mail. "It's about average," Huger said. "A little more sophisticated maybe, but it doesn't really stand out."   

1 | 2 |  Next >

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.
Recent News:
· Feds draw a bead on Russian behind Mega-D botnet
· Ransomware Attack Resurfaces to Hold Files Hostage
· Adobe Reader X Makes PDF Files Safer
· PayPal Users Beware of Holiday Phishing Scam
· McAfee Reports Malware at All-Time High
Site Map | Recent News | Related Sites

Copyright © 2006 EmailSafety.net - All Rights Reserved.