Fighting malware and spam

Storm attack strikes back

Cute kitten cards cover latest wave of malware.

The Storm attack has returned with yet another wave of blended attacks, with links to the drive-by download sites of the initial trojan spammed out under cover of humorous kitten ecards.

The ecard tactic has been a favourite of the gang behind the attack for some months now, but while earlier social engineering tactics used claims that cards were sent by an acquaintance to celebrate an event, the latest run combines this with the interest value of the bizarre and amusing - the links contain variations on a theme of 'check out this hilarious card'. Following the link leads to sites hosted on zombie systems in the Storm botnet, thought to contain several hundred thousand hosts, which attempt various exploits to infiltrate vulnerable machines.

Readers are reminded of the need to exercise extreme caution viewing ecards, especially unexpected ones from untrusted sources, and are advised to ensure systems are fully patched and up to date, running quality security software and ideally well-trained spam filters.

Details of the latest wave are at McAfee here or at Websense here. More analysis of Storm and ecard trends are in recent blog entries at ESET here and Sophos here.

12 October 2007

Tags: ecard, social engineering, storm, trojan.