
Tip #3683 - Riding Out the Storm

Well, it’s been a couple of months now and the Storm Worm that took over the Internet like a hurricane is back, sending wave after wave of attacks on unsuspecting end users.

Wave one was a hailstorm of e-mails that referenced “Love” or something romantic in the subject line, in order to entice users into opening the e-mail. The sheer volume of this spam tripled, making it the second highest e-mail threat in 12 months, with about six million e-mails sent out after the dust had settled. This particular e-mail threat is a little on the lame side and, in most cases, could be shrugged off as an obvious ploy to get a reader to open the message. This is just phase one of the attack, though, which in many security experts' opinion could help set up the second wave of the attack by giving it a false sense of validity.

Wave two consisted of sending out e-mails with “Virus Alert!” or something similar in the subject line. The e-mail also contained a zip file attachment that claimed to be the fix or update that would remove the virus you have on your system. So, basically, the e-mail is trying to convince the reader that they are already infected and that this attachment is the only way to get rid of the infection. In the body of the e-mail, there is a password, supposedly used to unlock the “fix,” allowing you to open and install it. Of course, if you do open the zip file, chances are, if you weren’t infected before, you are now.
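
As an added illustration (not part of the original tip), here is one way a mail filter could flag the wave-two pattern described above: a zip attachment whose entries are marked as encrypted, arriving with a password in the message body. The function names and the sample message are assumptions constructed for this example.

```python
import email, io, re, zipfile
from email import policy
from email.message import EmailMessage

PASSWORD_HINT = re.compile(r"\bpassword\b", re.I)

def encrypted_members(data):
    """Names of zip entries whose header has the encryption flag (bit 0) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []

def inspect_message(raw):
    """Return a list of findings for one raw e-mail message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body else ""
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Check the magic bytes too, since the extension may be renamed.
        if name.lower().endswith(".zip") or data[:4] == b"PK\x03\x04":
            locked = encrypted_members(data)
            if locked:
                findings.append(f"encrypted zip {name}: {locked}")
                if PASSWORD_HINT.search(text):
                    findings.append("message body supplies a password")
    return findings

def constructed_sample():
    """Constructed, harmless test message; the flag is patched on, nothing is encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fix.txt", "constructed placeholder")
    z = bytearray(buf.getvalue())
    z[z.find(b"PK\x01\x02") + 8] |= 0x1  # flag bits in central directory
    z[z.find(b"PK\x03\x04") + 6] |= 0x1  # flag bits in local file header
    m = EmailMessage()
    m["Subject"], m["From"], m["To"] = "Virus Alert!", "a@example.com", "b@example.com"
    m.set_content("Use password 12345 to open the attached fix.")
    m.add_attachment(bytes(z), maintype="application", subtype="zip", filename="patch.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(inspect_message(constructed_sample()))
```

An encrypted archive cannot be scanned by a gateway antivirus engine, so the two findings together are a reasonable trigger for quarantine rather than delivery.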

If you remember the Storm Trojan, it is a nasty and clever customer that pioneered new methods of infecting a user's PC. It came with well-thought-out strategies to stay concealed as well. Now, technology is in place to cover its tracks on the local machine, thanks to the installation of a rootkit, which has the ability to cloak all of the virus’ activity. The Storm Trojan also has the ability to turn off your local security measures, which further masks the Trojan and the activities that it's maliciously conducting on the infected machine. After the initial infection, the virus will attempt to connect to a P2P network to update itself and to upload any information it has aggregated by going through the user's hard disk drive(s). Of course, the Storm Trojan also scans your hard drive for any e-mail addresses it can send itself to, in order to propagate. And last, but definitely not least, there's the fact that your infected PC is now a zombie machine and part of a bot network, just waiting for orders.

Between the mass mailing of this and another e-mail message using the Storm Worm with subject lines such as "Missile [sic] Strike: The USA Kills More Than [sic] 20,000 Iranian Citizens," "USA Declares War on Iran" and "USA Just Have Started World War III," this has been the most active week in 12 months for e-mail-borne attacks. This comes after I have said in more than one of my recent security articles that we are seeing a serious decline of these types of attacks. Well, I guess it was the calm before the storm. Thank goodness the taste of my shoes doesn’t bother me too much!

Well, with the attack occurring over last weekend and early this week, the attack is a couple of days old now and antivirus companies have, for the most part, come out with the necessary updates to protect your system. (Keep in mind that they only work if you update your antivirus software.) Beyond that, no matter what an e-mail subject line says, our readers should know never to open e-mails that seem strange, especially if they're from someone you don't know or if they have an attachment. Bet you didn’t see that coming, did you?!

So, remember to update, update and update some more. And please, don’t open unknown e-mails, especially any with attachments. If you follow those rules, you should be just fine.

Until next week, stay safe out there!

~ Chad Stelnicki