Storm spams return to fake news alert roots
Fake China earthquake warning followed by swathe of dramatic spoof stories.
The 'Storm' spammers seem to have returned to one of their first tactics in the latest round of mails, using sensational
fake news stories to lure new victims into their clutches.
The spam botnet, run by malware variously dubbed 'Nuwar', 'Peacomm', 'Zhelatin' or 'Dorf', got its popular
name from an early run which took advantage of news reports of major storms in Europe in late 2006. The attack has
evolved and returned in regular waves, with a wide range of new social engineering tactics used
to lure new victims into following links in emails which lead to infection. It appears that the latest wave has
once again taken the form of spoofed news stories to grab the attention of recipients.
An initial influx of spams seen this week exploited recent catastrophic earthquakes in China and the forthcoming
Olympic Games to be held there, with the fake story describing another quake, this time hitting Beijing and
jeopardising the planned sporting events. Links in the mails led to what purported to be a video of the quake, but was
in fact a malicious executable.
This campaign was swiftly followed by a series of similarly hyperbolic stories, including weather damage to the Eiffel
Tower and the White House, and the withdrawal of Barack Obama from the US presidential election campaign. All these spoof
news alerts have been linked to the same malware family. It seems likely that the malware is in use by several separate
groups of cybercrooks, each adding their own spin to distribution tactics.
Blog coverage of the earthquake spams is at F-Secure, McAfee, Sophos and Websense. Details on the later spoof news stories are
at F-Secure or McAfee.
20 June 2008
Tags:
china, cybercrime, malware, social engineering, storm.