E-mails Using FBI & Facebook Spread the Storm Trojan
According to Internet security provider Sophos, the Storm worm has resurfaced through e-mails claiming that the Federal Bureau of Investigation (FBI) is using the widely popular social networking site Facebook to trace people.
The infected e-mails, which came to the notice of Sophos, carry subject lines such as "FBI watching us", "The FBI's plan to profile Facebook" and "FBI may strike Facebook", and ask users to download an article on the issue. However, there is no article, only the Storm worm called 'Dorf', which infects the user's computer and connects it to the Storm botnet, an enormous network of spamming computers.
As mentioned in a company blog post, the e-mails use both IP addresses and domains as links to the malicious executable fbi_facebook.exe. Sophos also said that before this attack and the recent surge of spam focused on the financial crisis, the Storm worm had been more or less inactive.
According to Graham Cluley, Senior Technology Consultant at Sophos, the new Storm attack is almost the same as the previous ones, with one major difference: the websites in this attack are continuously changing, leaving users confused about the veracity of the e-mails, as reported by SCMagazineUS on July 29, 2008.
Moreover, the malware writers do not seem to rely on social engineering alone; they are also launching a set of exploits that leverage known browser vulnerabilities. A close examination of the code shows an invisible IFRAME pointing to 'ind.php'.
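The two delivery traits described above, links that reach fbi_facebook.exe by IP address or by domain and an invisible IFRAME pointing to 'ind.php', can be checked for mechanically in a message or page body. The following Python is an added example, not code from Sophos or the original article; the function names, the extension list and the sample HTML are assumptions constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: extensions treated as directly runnable Windows downloads.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".pif", ".com")

def classify_link(href):
    """Return a finding kind for a link to an executable, else None."""
    try:
        parts = urlparse(href)
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return None
    if not parts.path.lower().endswith(EXECUTABLE_EXTENSIONS):
        return None
    try:
        ipaddress.ip_address(parts.hostname or "")
        return "exe-link-ip-host"
    except ValueError:
        return "exe-link-domain-host"

def iframe_is_hidden(attrs):
    """Zero- or one-pixel size, or CSS hiding, marks an invisible IFRAME."""
    style = (attrs.get("style") or "").replace(" ", "").lower()
    tiny = attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
    return tiny or "display:none" in style or "visibility:hidden" in style

class LureScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []  # (finding kind, URL exactly as written)
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        kind = classify_link(attrs.get("href") or "") if tag == "a" else None
        if kind:
            self.findings.append((kind, attrs["href"]))
        elif tag == "iframe" and iframe_is_hidden(attrs):
            self.findings.append(("hidden-iframe", attrs.get("src") or ""))

def scan_html(html):
    scanner = LureScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample (documentation IP range, .example domain), not real indicators.
SAMPLE = """<a href="http://192.0.2.10/fbi_facebook.exe">read the article</a>
<a href="http://lure.example/fbi_facebook.exe">mirror</a>
<iframe src="ind.php" width="0" height="0"></iframe>
<iframe src="/video" width="640" height="360"></iframe>"""
```

Calling scan_html(SAMPLE) returns one finding per suspicious element; the visible 640x360 frame is not reported.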
Furthermore, with this specific attack, the spammers are feeding on users' privacy concerns about Facebook. By selecting a sensitive area of US policy and linking it to the immensely popular Facebook, the spammers are more likely to succeed in getting users to open their malicious e-mails.
In addition, the Storm botnet has shrunk considerably. As a result, other more powerful botnets such as Srizbi and Cutwail have overtaken it. This clearly indicates why the operators of Storm are desperately using extreme tactics to remain prevalent.
» SPAMfighter News - 12-08-2008