Storm Worm Exploits Credit Crisis in US to Launch Attack

Websense Security Labs ThreatSeeker Network on July 22, 2008 has detected a new spam campaign running by the infamous Spam botnet to exploit the latest economic gloom.

Thus, according to the Security Specialists at Websense, the new Storm campaign is revolving around the subject of the current credit crisis in the US. These experts have found a range of related e-mail headlines crafted to lure users into installing a Trojan.

The headlines are rather attractive such as "Amero arrives," "The Amero currency replacing the Dollar," "Amero Currency Union is now the reality" and "The new currency is coming."

The researchers also indicated that the criminal gang behind the Storm worm has been using US Independence Day topic, and takes advantage of the world's attention on the fake World War III news. Hence, when users click on a link in any of these e-mails, they are directed to a Website hosting drive-by exploits included in a file named ind.php. As per reports, this file name has remained constant throughout the campaign.

The experts indicated that apart from using these rumors as baits for curious Internet users, the new and more effective social engineering trick used in the attack is related to the monetary crisis that appears to be a real concern for everyone.

Historically, the Storm worm acquired its name after starting mass-mailing campaigns on a bad storm in Europe during January 2007. After that, it re-emerged several times, especially on important days like Christmas and the first day of a New Year.

Similarly, numerous other e-mails are dispatched to surfers worldwide, soliciting them to follow a link to get more news or other treats. But the link normally redirects the user to a hijacked Website that downloads malware onto a visitor's computer.

Moreover, in other related news, Security Analysts at Trend Micro in mid-July 2008 detected e-mails that carried the malicious Storm. These e-mails mentioned about the North American Currency Union, a non-existent entity, although rumors across the Internet suggest that NACU could likely involve a secret pact among the US, Mexico and Canada.

Related article: Storm Worm Returns with Follow-Up Attack

» SPAMfighter News - 8/7/2008