New malicious Storm Worm campaign: American currency


Threat Type: Malicious Web Site / Malicious Code

Websense® Security Labs™ ThreatSeeker™ Network has discovered a new Storm Worm campaign around the theme of the U.S. credit crunch. We have detected a series of email subject lines used to entice users into downloading a Trojan. Here are a few examples of the subjects we have seen in this campaign:

  • The new currency is coming
  • Amero arrives
  • Amero currency Union is now the reality
  • The AMERO currency replacing the Dollar

We have previously seen the group behind the infamous Storm Worm use the tried and tested U.S. Independence Day theme and capitalize on global attention around fake World War III news.

Here is a screenshot of some of the newest spam messages:

Clicking the link in one of these messages directs users to a site laden with drive-by exploits inside a script file named ind.php. The use of this script file name has been constant throughout this campaign. In typical Storm Worm fashion, the infection success rate is highly dependent on the social engineering tactic employed, and thus the malicious file in this campaign is appropriately named amero.exe.
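One way to hunt for this campaign in mail and web-proxy logs, as an added example that is not part of the original advisory or any Websense product: it flags mail matching the subject theme above, flags proxy requests for ind.php or amero.exe, and correlates the two per user. The log layout, user names, hosts, timestamps and the 24-hour window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Theme shared by the advisory's example subjects ("Amero", "new currency").
SUBJECT_RE = re.compile(r"\b(amero|new currency)\b", re.IGNORECASE)
# File names from the advisory: exploit script ind.php, payload amero.exe.
PATH_RE = re.compile(r"/(ind\.php|amero\.exe)(?:[?#]|$)", re.IGNORECASE)
WINDOW = timedelta(hours=24)  # assumed gap between delivery and click
SEVERITY = ["received-lure", "exploit-page", "payload-download"]

# Constructed sample logs: timestamp, user, subject or URL (tab-separated).
MAIL_LOG = """\
2000-01-10T09:00:00\talice\tThe AMERO currency replacing the Dollar
2000-01-10T09:07:00\tcarol\tAmero arrives
"""
PROXY_LOG = """\
2000-01-10T09:12:00\talice\thttp://host.example/ind.php?id=1
2000-01-10T09:12:05\talice\thttp://host.example/amero.exe
2000-01-10T10:00:00\tbob\thttp://intranet.example/index.php
2000-01-10T11:00:00\tdave\thttp://other.example/ind.php
"""

def parse(log):
    for line in log.splitlines():
        if line.strip():
            ts, user, value = line.split("\t", 2)
            yield datetime.fromisoformat(ts), user, value

def hunt(mail_log, proxy_log):
    """Map user -> (worst stage reached, themed mail seen within WINDOW)."""
    lured = {}  # user -> time of first themed mail
    for ts, user, subject in parse(mail_log):
        if SUBJECT_RE.search(subject):
            lured.setdefault(user, ts)
    findings = {user: ("received-lure", True) for user in lured}
    for ts, user, url in parse(proxy_log):
        hit = PATH_RE.search(url)
        if not hit:
            continue  # e.g. /index.php must not match /ind.php
        stage = "payload-download" if hit.group(1).lower() == "amero.exe" else "exploit-page"
        sent = lured.get(user)
        mail_seen = sent is not None and sent <= ts <= sent + WINDOW
        prev = findings.get(user)
        if prev is None or SEVERITY.index(stage) > SEVERITY.index(prev[0]):
            findings[user] = (stage, mail_seen)
    return findings

if __name__ == "__main__":
    print(hunt(MAIL_LOG, PROXY_LOG))
```

A user who requested ind.php with no matching mail in the corporate log (dave here) is still reported, since the lure may have arrived through webmail.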

Here is a screenshot of the templated malicious Web site:

Here is a screenshot of the malicious Web site's source:

Websense Messaging Security and Websense Web Security customers are protected against this attack.