Storm Worm Pounces, Posing to Share Love
A new surge of attacks from the familiar Storm worm is using the theme of 'love' to infect many users this time.
E-mails carrying links to a bait website that hosts malware were distributed in large numbers during the three days from January 18 to January 20, 2008, according to a warning by security firm MicroWorld. TechTree published this in news on January 21, 2008.
Subject lines in the e-mails appear in various forms such as 'Eternity of your love'; 'Falling in love with you'; 'I love you so much'; 'Our love nest'; 'Our Journey'; 'For you my love'; 'A kiss so gentle'; and 'Memories of you'.
The spam mail displays an image of a pink-colored heart and a note that informs the recipient that his download will begin shortly. If it does not begin within 10-20 seconds, the note says, the user can click an embedded link to start the download. He can then click 'run' to enjoy, the message concludes. But on clicking the message, what is downloaded is a .exe file named 'with_love.exe' or 'withlove.exe' that actually contains malware dubbed 'Zhelatin.sg'.
The Zhelatin.sg malware has been found to behave much like its predecessors. It plants a file called 'burito.ini' on the compromised computer, disables anti-virus software on it, and opens a number of ports connected to P2P networks, after which it adds the computer to the massive Storm botnet. Subsequently, the bot-infected computer starts sending spam or performs other activities that the attacker directs remotely.
According to Govind Rammurthy, CEO of MicroWorld Technologies, this behavior of the Storm worm is the latest rollout from its factory, in the form of some modifications in code with a new theme to propagate. The attack is fairly large in terms of its initial volumes, Rammurthy added. CXOtoday published this in news on January 21, 2008.
Rammurthy further said that it is hard to detect the malware with most security mechanisms because of the speed with which it dishes out new variants and the innumerable places where it could launch these threats.
» SPAMfighter News - 01-02-2008