
MX Logic » MX Logic IT Security Blog

05 July 2007

Another

Just in time for the 4th of July holiday, we saw another Storm blow in, which kept us hopping over the mid-week holiday. This wasn't a storm that cancelled any fireworks celebrations, but it could certainly ruin the day of PCs (and their owners) that get infected with this new threat.

This new variant is another in a line of Storm worms that we have seen since the early part of the year. There was one new twist with this new variant and a moderate re-use of an old Storm worm tactic.

As with the original Storm worm variants, it used current events as a lure to get someone to open the message. In this case, the worm used a number of July 4th related subject lines like "Happy 4th July", "Happy Birthday America", "Your Nations [sic] Birthday." Once opened, the message contained an invitation for the user to view an ecard that was purportedly sent to them by a number of different people (friends, family members, etc). Unfortunately, if the link was clicked, the only celebration to be had was by the person or people behind the scam, as you happily download malware onto your PC that will turn your machine into a spambot to further propagate the worm.

So, the new twist (at least as far as the Storm worm is concerned) that I alluded to earlier is the use of a link that directs the user to download the malware from an external site, as opposed to the executable file attached to the message that we had seen with most of the preceding Storm worm variants. This is a growing trend that we are seeing lately not only in the proliferation of malware but also in image spam, where the content is delivered remotely instead of the payload being attached directly to the message itself.
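A mail-filter check for the shift described above, as an added example that is not from the original post or from MX Logic's products: it matches the subject lines quoted in the post and reports whether a message delivers its content as an executable attachment or as a remote link. The extension list and the `example.invalid` sample messages are constructed assumptions.

```python
import re
from email import message_from_string

# Subject lines quoted in the post; matched case-insensitively.
LURE_SUBJECTS = ("happy 4th july", "happy birthday america", "your nations birthday")
# Assumption: extensions treated as executable attachments (not from the post).
EXEC_EXTS = (".exe", ".scr", ".pif", ".com")
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample: ecard lure that points at an external site.
SAMPLE_LINK = (
    "Subject: Happy 4th July\nContent-Type: text/html\n\n"
    '<a href="http://ecard.example.invalid/view">View your ecard</a>\n'
)
# Constructed sample: older style with the executable attached.
SAMPLE_ATTACH = (
    "Subject: Happy Birthday America\nMIME-Version: 1.0\n"
    'Content-Type: multipart/mixed; boundary="b"\n\n'
    "--b\nContent-Type: text/plain\n\nSee the attached card.\n"
    "--b\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="card.exe"\n'
    "Content-Transfer-Encoding: base64\n\nTVo=\n--b--\n"
)


def classify(raw):
    """Report whether a message matches the lure and how it delivers content."""
    msg = message_from_string(raw)
    subject = re.sub(r"\s+", " ", msg.get("Subject", "")).strip().lower()
    lure = any(s in subject for s in LURE_SUBJECTS)
    urls, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").lower()
        if name.endswith(EXEC_EXTS):
            attachments.append(name)
        elif part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            text = body.decode(part.get_content_charset() or "utf-8", "replace")
            urls.extend(URL_RE.findall(text))
    # An attached executable takes precedence; otherwise any link is the vector.
    vector = "attachment" if attachments else "remote-link" if urls else "none"
    return {"lure": lure, "vector": vector, "urls": urls, "attachments": attachments}


if __name__ == "__main__":
    for sample in (SAMPLE_LINK, SAMPLE_ATTACH):
        print(classify(sample))
```

A filter that only scans attachments would report nothing for the first sample, which is why the link itself has to be extracted and evaluated.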

Traffic associated with this new Storm Worm variant has been very high since it originally started coming in on Tuesday morning. At its peak, email associated with this worm accounted for 1 in 13 messages being processed by the MX Logic Threat Center. Compare this with some of the most prolific worms that we have seen, such as Sober.N (1 in 7 messages from May, 2005) and Sobig.F (1 in 12 from August, 2003), and this one ranks right up there. Due to the short-term relevance of this variant, though (centered around a specific holiday event), it isn't likely to have any staying power; however, machines that are infected can and likely will be used as vehicles for delivery of future variants of this worm.

Posted by smasiello at 11:09 AM
