Storm Trojan Comes With Independence Day Greetings
Malicious spam mails using the theme of America's Independence Day are reaching inboxes around the world, cautions security vendor Marshal.
Marshal's TRACE team has detected greeting-card spam that invites recipients to open a greeting card that a friend has sent them for the special day. The e-mail directs the recipient to click on an embedded link to view the greeting card.
But if the recipient clicks on the link in the message, he becomes vulnerable to the notorious Storm Trojan, which resides in an executable file titled "ecard.exe". On running the file, the user could potentially give a remote controlling server access to the computer, merging the compromised PC into a botnet. Botnets are networks of zombie, or compromised, PCs that obey the commands of a remote attacker.
According to Marshal, the Storm Trojan first emerged in January 2007. Since then it has been quite successful in spreading widely by using headlines on current world affairs to trick users into opening the desired attachments. Besides the special message on U.S. Independence Day on 4th July 2007, similar malicious e-mails circulated in the past with headlines such as 'Chinese missile shot down by USA aircraft' and 'Saddam Hussein alive!'
Bradley Anstis, director of product management at Marshal, said the Storm Trojan has made 4th July 2007 its bait, following the familiar practice of exploiting new international events to lure innocent e-mail users into infecting their PCs, as reported by IDM in news on July 4, 2007.
People enjoy receiving greeting cards and messages on special days like Christmas and Valentine's Day. On these days people are relatively relaxed about their Internet guard and sometimes even open e-mails that they would handle carefully on a different day. Spammers and virus creators are aware of this tendency, so they exploit events and special holidays like July 4, 2007 in attempts to trap people, Anstis said.
Anstis advises people to delete any e-mail of this nature from an unknown person or from someone they have not heard from in a long time. Certainly, they should avoid clicking on the link in the message and on the 'OK' sign if it offers to download something.
» SPAMfighter News - 17-07-2007