Another Storm Worm Variant Hits on Easter Sunday
This new variant appears to play on social tensions between the United States and Iran over Iran's developing nuclear weapons program. It sends itself using email subject lines like "USA Just Have Started World War III", "Missle Strike: The USA kills more then 20000 Iranian citizens", and "USA Missile Strike: Iran War just have started." The email carries a binary executable attachment with a fairly innocuous name such as "video.exe", "click me.exe", or "readme.exe."
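The indicators quoted above can be turned into a simple mail-triage check. The following is an added example, not part of the original post: it matches the quoted subject lines and attachment names, and goes one step further by flagging any attachment that ends in `.exe` or begins with the `MZ` executable header, whatever it is called. The function names, the example.com addresses and the sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Subject lines and attachment names as quoted in the post (original typos kept).
LURE_SUBJECTS = {
    "usa just have started world war iii",
    "missle strike: the usa kills more then 20000 iranian citizens",
    "usa missile strike: iran war just have started",
}
LURE_ATTACHMENTS = {"video.exe", "click me.exe", "readme.exe"}


def normalize(value):
    """Lower-case, collapse folded whitespace, drop a trailing period."""
    return " ".join(str(value or "").lower().split()).rstrip(".")


def triage(raw_bytes):
    """Return the list of reasons a raw RFC 5322 message looks suspicious."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    reasons = []
    if normalize(msg["Subject"]) in LURE_SUBJECTS:
        reasons.append("subject matches known lure")
    for part in msg.iter_attachments():
        name = normalize(part.get_filename())
        payload = part.get_payload(decode=True) or b""
        if name in LURE_ATTACHMENTS:
            reasons.append(f"attachment name {name!r} matches known lure")
        # Generalization beyond the post: catch renamed executables by header.
        if name.endswith(".exe") or payload[:2] == b"MZ":
            reasons.append(f"executable attachment {name!r}")
    return reasons


def build_sample(subject, filename, data):
    """Constructed test message; 'data' is a few placeholder bytes, not a binary."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("constructed test body")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    sample = build_sample("USA Just Have Started World War III",
                          "video.exe", b"MZ\x90\x00")
    for reason in triage(sample):
        print(reason)
```

Exact-string matching only catches the variant described here; the extension and header check is what keeps working when the subject line changes with the next news story.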
As with the original Storm Worm, this new variant spread quickly as unwary users happily clicked the file attached to the message. However, traffic from this most recent outbreak has not come anywhere near the levels that we saw with the original. That is likely because the social engineering tactic used with this latest variant was not nearly as well executed (i.e., it played poorly upon a current news story). Additionally, it was released on Easter Sunday, when many people across the world were celebrating the holiday with their families and not necessarily checking their email.
Expect to see more variants of this latest malware come out as news stories continue to unfold over the coming weeks. The approach of using current events as an initial lure continues to be effective. Outbreak levels, however, are not nearly what we have seen in the past with some of the Sober variants from 2005, when emails promising free World Cup tickets and videos of Paris Hilton ran rampant across the Internet. By sheer volume, those Sober outbreaks dwarf what we have seen since. Given overall low user confidence and trust in email, and the fact that many malware authors have moved on to stealthier methods of injecting malware onto users' PCs, we are not likely to see email virus outbreaks of that magnitude ever again.
