Websense Security Labs: new Storm worm campaign emerging
July 2008 by Websense
The Websense Security Labs ThreatSeeker Network has discovered a new Storm worm campaign emerging. The campaign ties in with the 4th of July Independence Day celebrations in the US: we have detected a series of email subject lines around this theme, intended to entice users into downloading a Trojan.
We have recently seen the group behind the infamous Storm worm use the tried and tested "I love you" theme and then capitalize on the global attention around the Olympics to be held in Beijing.
Clicking on the link in the email directs the user to a site laden with drive-by exploits inside a script file named ind.php. The use of this script file name has been constant throughout this campaign. In typical Storm worm fashion, the infection success rate is highly dependent on the social engineering tactic employed, and thus the malicious file is appropriately named fireworks.exe.
Here are a few examples of the varied subjects we have seen in this campaign:
Amazing firework 2008
America for You and Me
Happy Fourth of July
Light up the sky
Stars and Strips forever