Digital miscreants got plenty of bang out of the
Storm Trojan attack in January by tricking people with fake
headlines of gloom and doom. They now hope for similar success
through a new spam campaign that uses fake headlines declaring the
start of World War III.
But one security expert said this latest attack will probably
fizzle due to a case of bad timing.
Several security organizations warned over the weekend of a new
spam campaign using a variation of World War III headlines that
play on tensions between the U.S. and Iran. Some of the headlines
include: "USA Just Have Started World War III," "Missle Strike: The
USA kills more then 20000 Iranian citizens," "Israel Just Have
Started World War III" and "USA Missile Strike: Iran War just have
started."
By comparison, the Storm attack relied on email headlines
exploiting a severe weather system that was wreaking havoc in
Europe at the time. The attack expanded its repertoire with
headlines claiming that Saddam Hussein was still alive and that
Russian and Chinese missiles had been used to shoot down a U.S.
satellite. The emails included malicious attachments that would
infect the victim's machine if the victim clicked on them.
Helsinki, Finland-based F-Secure Corp. said emails in this
latest attack have a
malicious executable attached under such tags as "video.exe" or
"movie.exe." The Bethesda, Md.-based SANS Internet Storm Center
(ISC) received reports of additional attachment names like "click
here.exe," "clickme.exe," "readme.exe" and "read more.exe."
John Bambenek, a Champaign, Ill.-based security professional who
volunteers as a handler at the ISC, said the attackers are using
one of the oldest tricks in the book and that most IT shops and
users should know enough by now to avoid the trap.
"I don't see this as very monumental, but shops that have
problems with users opening .exe attachments should be aware," he
said. In an attack like this, Bambenek said three factors can help
the bad guys: IT administrators failing to block .exe attachments,
antivirus vendors being too slow in recognizing the threat and
updating their signatures, and users clicking on unsolicited
attachments.
Attackers might have had better luck this time around if their
sense of timing had been better, he said.
"This would have had more effect if it were released Monday morning
when people are in work and are more likely to do something stupid
because they haven't had their coffee yet," Bambenek said. "In
this case, it was Easter Sunday and who's going to be in the office
at that point?"
He said the ISC
initially gave the attack attention because most antivirus
vendors hadn't recognized the threat and updated their malware
signatures accordingly. By Monday morning, however, most had done
so.