Secure Tomorrow

Protection from computer viruses that is

With Valentine’s Day just a couple of days away it is important to be aware that malicious viruses and worms do not take holidays off. The Storm Worm is the most likely candidate to ruin this Hallmark romantic holiday. Not even two months ago the Storm Worm took advantage of the Christmas holiday using various means to infect users. With Valentine’s Day approaching we could see similar tactics used to try to infect users again.

The FBI posted a warning yesterday to their Cyber Investigation E-scam site warning of possible Storm Worm attacks as we approach Valentines Day.

“02/11/08—With the Valentine’s Day holiday approaching, be on the lookout for spam e-mails spreading the Storm Worm malicious software (malware). The e-mail directs the recipient to click on a link to retrieve the electronic greeting card (e-card). Once the user clicks on the link, malware is downloaded to the Internet-connected device and causes it to become infected and part of the Storm Worm botnet. A botnet is a network of compromised machines under the control of a single user. Botnets are typically set up to facilitate criminal activity such as spam e-mail, identity theft, denial of service attacks, and spreading malware to other machines on the Internet.

The Storm Worm virus has capitalized on various holidays in the last year by sending millions of e-mails advertising an e-card link within the text of the spam e-mail. Valentine’s Day has been identified as the next target.

Be wary of any e-mail received from an unknown sender. Do not open any unsolicited e-mail and do not click on any links provided.

If you have received this, or a similar e-mail, please file a complaint at www.ic3.gov.”

Kevin Blanchard botnet, malware, storm worm, worm

It’s been a while since I have updated. This time of year is always crazy. But at least I return with a good one. This time of year is stressful enough for many, without having to worry about things like this while trying to spread holiday cheer.

‘Tis the season and there’s a storm a brew’n. The Storm Worm that is… and it’s back. < / awful puns >

We saw the Storm Worm back at the beginning of the year (2007). It was a huge headache for home users and system admins alike. According to Wikipedia, “The Storm Worm began infecting thousands of computers (mostly private) in Europe and the United States on Friday, January 19, 2007, using an e-mail message with a subject line about a recent weather disaster, “230 dead as storm batters Europe”.[6] During the weekend there were six subsequent waves of the attack.As of Monday, January 22, 2007 the Storm Worm accounted for 8% of all infections globally.”

If you thought parents elbowing and kicking each other for the last Tickle Me Elmo doll this time of year was bad , the creators of the Storm Worm had a surprise for you, just in time for Christmas. A new version of the Storm Worm has surfaced, taking advantage of users during this holiday season.

Arstechnica is reporting that “Storm-infected systems are kicking out spam mail directing recipients to the Merry Christmasdude.com website (space inserted for security purposes). Once there, visitors are bounced to a few shell sites, shown various “holiday-themed” images and offered a (fake) video codec download. Download and install it, and the worm promptly connects to various P2P sites and begins spamming. Russ MCree at HolisticInfoSec.org has a writeup on the worm’s specific activities and system modifications for those curious about how Storm does what it does. This new iteration of Storm appears to duplicate most, if not all, of its predecessor’s approach to infecting and configuring the target PC.”

If you are concerned about infection, you should check the website of the company that makes your anti-virus program and/or a little google-fu should let you know if you are currently protected.

Some of the observed email subjects from Storm Worm include (but not limited to):

• The Twelve Girls Of Christmas
• Time for a little Christmas Cheer
• Merry Christmas To All
• Christmas Email
• Warm Up this Christmas
• The Perfect Christmas
• Santa Said, HO HO HO
• I love this Carol!
• Find Some Christmas Tail
• Mrs. Clause Is Out Tonight!
• Cold Winter Nights
• Jingle Bells, Jingle Bells

Sadly I was on vacation and unable to post about this sooner. Most of the damage will have been done on Christmas, two days ago. Hopefully this post will at least minimize any aftershocks or allow users who may have been infected and not realize it to be aware of this worm and do something about it.

Kevin Blanchard botnet, storm worm, worm