Latest Storm worm malicious campaign: US Independence Day

Date: 07.04.2008

Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ ThreatSeeker™ Network has discovered a new Storm worm campaign emerging. The campaign ties in with the 4th of July Independence Day celebrations in the US: we have detected a series of email subject lines around this theme, designed to entice users into downloading a Trojan.

We recently saw the group behind the infamous Storm worm use the tried and tested 'I love you' theme and then capitalize on the global attention around the Olympics to be held in Beijing.

Here are some samples:

Clicking on the link in the email directs the user to a site laden with drive-by exploits inside a script file named ind.php. The use of this script file name has been constant throughout this campaign. In typical Storm worm fashion, its infection success rate is highly dependent on the social engineering tactic employed, and thus the malicious file is appropriately named fireworks.exe.

Screenshot of malicious web site:

Here are a few examples of the varied subjects we have seen in this campaign:

Amazing firework 2008
America for You and Me
Celebrate Independence
Happy Fourth of July
Light up the sky
Stars and Strips forever
Super 4th!
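
The indicators named in this alert (the subject lines, the ind.php landing script and the fireworks.exe file name) can be correlated per user across mail-gateway and web-proxy records to see how far each recipient got. This is an added example, not Websense code: the (user, subject) and (user, url) record layout, the function names and the sample hosts are assumptions, and the sample records are constructed.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the alert text (subjects kept exactly as observed).
SUBJECTS = {
    "amazing firework 2008", "america for you and me", "celebrate independence",
    "happy fourth of july", "light up the sky", "stars and strips forever",
    "super 4th!",
}
LANDING_SCRIPT = "ind.php"
PAYLOAD_NAME = "fireworks.exe"

def norm_subject(subject):
    """Strip reply/forward prefixes, lower-case and collapse whitespace."""
    s = re.sub(r"^\s*((re|fw|fwd)\s*:\s*)+", "", subject, flags=re.I)
    return " ".join(s.lower().split())

def url_leaf(url):
    """Last path segment of a URL, lower-cased; the query string is ignored."""
    return urlsplit(url).path.rsplit("/", 1)[-1].lower()

def triage(mail_events, proxy_events):
    """Map each user to the campaign stages seen: lure, landing, payload."""
    stages = {}
    for user, subject in mail_events:
        if norm_subject(subject) in SUBJECTS:
            stages.setdefault(user, set()).add("lure")
    for user, url in proxy_events:
        leaf = url_leaf(url)
        if leaf == LANDING_SCRIPT:
            stages.setdefault(user, set()).add("landing")
        elif leaf == PAYLOAD_NAME:
            stages.setdefault(user, set()).add("payload")
    return stages

# Constructed sample records (hypothetical users, reserved .example hosts).
MAIL = [("alice", "Happy Fourth  of July"), ("bob", "RE: Light up the sky"),
        ("carol", "Q2 budget review")]
PROXY = [("alice", "http://host1.example/ind.php"),
         ("alice", "http://host1.example/fireworks.exe"),
         ("carol", "http://intranet.example/index.php?page=ind.php"),
         ("dave", "http://host2.example/IND.PHP?x=1")]

if __name__ == "__main__":
    for user, seen in sorted(triage(MAIL, PROXY).items()):
        print(user, sorted(seen))
```

Both file names are generic, so a single stage on its own is a weak signal; a user showing the lure followed by the landing script or the executable request is the one to prioritise.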

Websense Messaging and Websense Web Security customers are protected against this attack.