Riding Out the Storm
Well, it’s been a couple of months now and the Storm Worm that took over the Internet like a hurricane is back, sending wave after wave of attacks on unsuspecting end users.
Wave one was a hailstorm of e-mails that referenced “Love” or something romantic in the subject line, in order to entice users into opening the e-mail. The volume of this spam tripled, making it the second-highest e-mail threat in 12 months, with about six million e-mails sent out after the dust had settled. This particular e-mail threat is a little on the lame side and, in most cases, could be shrugged off as an obvious ploy to get a reader to open the message. This is just phase one of the attack, though, which in many security experts’ opinion could help set up the second wave of the attack by giving it a false sense of validity.
Wave two consisted of e-mails with “Virus Alert!” or something similar in the subject line. The e-mail also contained a zip file attachment that claimed to be the fix or update that would remove the virus from your system. So, basically, the e-mail is trying to convince the reader that they are already infected and that this attachment is the only way to get rid of the infection. The body of the e-mail contains a password, which is supposedly used to unlock the “fix,” allowing you to open and install it. Of course, if you do open the zip file, chances are that if you weren’t infected before, you are now.
If you remember the Storm Trojan, it is a nasty and clever customer that pioneered new methods of infecting a user’s PC. It came with well-thought-out strategies to stay concealed as well. Now, technology is in place to cover its tracks on the local machine, thanks to the installation of a rootkit, which has the ability to cloak all of the virus’ activity. The Storm Trojan also has the ability to turn off your local security measures, which further masks both the Trojan and the malicious activity it is conducting on the infected machine. After the initial infection, the virus will attempt to connect to a P2P network to update itself and to upload any information it has aggregated by going through the user’s hard disk drive(s). Of course, the Storm Trojan also scans your hard drive for any e-mail addresses it can send itself to, in order to propagate. And last, but definitely not least, there’s the fact that your infected PC is now a zombie machine and part of a bot network, just waiting for orders.
Between the mass mailing of this and another e-mail message using the Storm Worm with subject lines, such as “Missile [sic] Strike: The USA Kills More Than [sic] 20,000 Iranian Citizens,” “USA Declares War on Iran” and “USA Just Have Started World War III,” this has been the most active week in 12 months for e-mail-borne attacks. This comes after I have said in more than one of my recent security articles that we are seeing a serious decline of these types of attacks. Well, I guess it was the calm before the storm. Thank goodness the taste of my shoes doesn’t bother me too much!
Well, with the attack occurring over last weekend and early this week, it is a couple of days old now, and security companies have, for the most part, come out with the necessary updates to protect your system. (Keep in mind that they only work if you update your antivirus software.) Beyond that, no matter what an e-mail subject line says, our readers should know never to open e-mails that seem strange, especially if they’re from someone you don’t know or if they have an attachment. Bet you didn’t see that coming, did you?!
So, remember to update, update and update some more. And please, don’t open unknown e-mails, especially any with attachments. If you follow those rules, you should be just fine.
Until next week, stay safe out there!
~ Chad Stelnicki