Storm Worm tactic - Earthquake in China and upcoming Olympics
Threat Type: Malicious Web Site / Malicious Code
Websense® Security Labs™ ThreatSeeker Network has discovered a new Storm Worm social-engineering tactic, capitalizing on the recent global attention around 2 major events: the recent natural disaster in China and the upcoming Olympics, also to be held in China.
These malicious sites speculate that the upcoming Olympics in Beijing would be "under the threat of failure" because of the recent earthquake in China, and then tricks visitors to click on what looks like an embedded flash video player, that really leads to the download of a malicious executable. Users that open this file will have their desktop infected with a Trojan.
We have detected email lures containing links to these sites spreading rapidly through our Websense Hosted Email Security and Websense Email Security.
The US Computer Emergency Readiness Team (US-CERT) has also reported this on their web site: New Storm Worm Variant Spreading (June 19, 2008 at 11:23 am)
This is what the malicious page looks like:
Screenshot of the malicious web site's source code:
Here is a brief 5 min. video clip showing how we are handling this threat, including a sneak-peak into ThreatSeeker with commentary from Websense CTO, Dan Hubbard.
QuickTime .mov download (right-click, save as):
Websense Messaging and Websense Web Security customers are protected against this attack.