‘Storm’ Spam Using Halloween Theme is Latest Social Engineering
Web users have been cautioned that spam mails on Halloween themes and carrying the malicious Storm Trojan are circulating.
The Marshal Trace team of experts has detected a surge of Halloween-themed spam messages that offer a Website where recipients could go and download software that falsely claims to create an image of a 'dancing skeleton' for the computer user's desktop.
But on visiting the Website, users get exposed to vulnerabilities and a malicious file called "Halloween.exe". The executable file is actually a carrier of the Storm Trojan that takes control of the user's computer to add it to a botnet - an army of compromised PCs that obeys the command of a remotely controlling server.
This spam is the latest improvisation of the e-card spam scam, also referred to as Storm, said Senior Technology Consultant, Graham Cluley, at Sophos. Webuser published this on October 31, 2007. The Trojan that is already scattered widely is capable of seducing more users with the jazzy Vengaboys soundtrack.
The gang of criminals responsible for the malware has cleverly chosen disguises on catchy topics and crafted enticing e-mails difficult to resist, Cluley added.
The malicious e-mails show different types of subject lines such as 'Happy Halloween, Dancing Bones', 'Show this to the kids', 'Man this rocks', 'The most amazing dancing skeleton' and 'Send this to your friends'.
The Storm-created botnet has been dangerously controlling lakhs of PCs. According to the Marshal Trace Team's estimates, the Storm botnet alone sends out as much as 20% of the entire current spam.
Today's Storm Trojan that uses Halloween to lure unwary users is the most recent variety of social engineering tactics popular with Internet criminals, Vice President of products, Bradley Anstis, at Marshal said. Darkreading published this in news on October 31, 2007. Previously, the Storm campaigns took advantage of current events like the NFL sports and the US Independence Day. It is quite possible that the Halloween-themed spam would lure an even wider audience, beyond United States even, Anstis reflected.
The notorious Storm Trojan made its debut in January 2007 and quickly became successful by making headlines on current affairs.
Related article: “Loopholes did not cause online banking thefts”: ICBC
» SPAMfighter News - 17-11-2007