The Storm worm takes no holidays; over this past long weekend this busy piece of malware emerged as part of a spam campaign that pointed recipients to a Web site wishing them a happy Labor Day, then downloaded
an “exploit cocktail.”
According to McAfee Avert Labs researcher Vinoo Thomas, who posted an item to the security vendor’s blog on Tuesday, this
spam is an HTML-formatted e-mail that invites recipients to view an e-greeting card. However the link to the Web site is disguised
to look like it’s pointing to a Hallmark site; the spammer used anchor tags in HTML to mask the link that actually points to a malware-laden site, he says.
New! Watch this Network World Webcast - Security Information Management Solutions: Beyond Threat Management
Once the recipients click on the link, they are sent to a site with a Labor Day cartoon greeting and “everything looks hunky
dory except an unsuspecting user is served an …exploit cocktail in the background,” Thomas says. The exploit cocktail is composed
of Microsoft, QuickTime, and WinZip exploits.
The Storm worm has been part of a number of recent spam campaigns, including one that used the popular Web site YouTube as bait, and another that posed as an account-confirmation e-mail.
“W32/Nuwar, aka the Storm worm, since its debut in November 2006 has relentlessly flooded Internet users with its ever-changing
e-mail campaigns,” Thomas writes in the blog. “…The Storm worm authors have this uncanny knack of using sensationalist themes
that draw public attention.”
|
