Terror-related e-mails link to Malware – Storm botnet struggling
by Steve Ragan - Mar 17 2009, 17:00
The group behind the false news-related e-mails that recently created a massive botnet is once again using proven and tested methods in an effort to keep its botnet alive.
A recent push delivers news-related e-mail, tailored with local information and horrific headlines, that links to Malware. Once installed, the Malware (Waledac) will connect the infected computer to the Storm botnet.
The new Spam campaign uses GeoIP to determine the location of the victim when they visit a malicious Web site, custom tagging the false news to local names and places to add a sense of realism to the headlines.
“After the President Inauguration, Valentine Scam, and the Economic Crisis, this time the social-engineering trick is a Terror Attack in your city. Mails with subjects such as ‘Why did they explode bomb there?’ or ‘Why did it happen in your city?’ are being sent out by the botnet right now,” wrote Micha Pekrul on the McAfee blog.
“However, this is not the first time Waledac attempted to use this localization technique, according to Advanced Threats Researcher Joey Costoya, Waledac has been using this GeoIP functionality back in February, when the botnet sent fake coupons,” added the TrendLabs blog.
As with previous e-mail attacks, the best defense is a good offense. Ignore e-mails with extreme headlines disguised as news. If you want to confirm a headline, never visit the link in the mail. Instead, look up the news item online by using a local newspaper's Web site, or by checking national media headlines on the likes of CNN, MSNBC, or FOX News.
The Storm Worm, aptly named because of its original wave of targeted e-mails based on the winter storms hitting Europe in the latter part of 2006 and early 2007, made its claim to fame by affecting millions of computers and users worldwide.