When you care enough to send the very best - Storm worm laden e-mail

According to an FBI warning issued on Feb. 12, a malicious e-mail virus concealing itself in what appears to be a Valentine’s Day e-card is spreading across the Internet. Clicking the link from a “Secret Admirer” takes the victim directly to a download of the Storm Worm virus.

From CBS:

Lance Ulanoff, Editor-in-Chief of PC Magazine, tells WCBSTV.com the virus originated in 2007 and tends to be a "seasonal" virus that often reappears during certain holidays.

"It's a great concern because people get it as a greeting card, and obviously people will be getting lots of Valentine's Day cards over the next few days," Ulanoff says. "People need to be aware of something coming from someone they don’t know."

The virus connects the recipient to the "Storm Worm botnet," a network controlled by the creator of the virus. Botnets allow the crooked e-mailer to engage in online crime including identity theft, denial of service attacks, sending of spam e-mail, and spreading the virus to others.

The Storm Worm, first launched in January of 2007, capitalizes on holidays to spread itself as an e-card from an unknown sender. It directs the recipient to click a link to retrieve the card. Unfortunately, this comes at a time when e-mailing love letters is gaining popularity with younger people, according to a survey by Google.

Obviously, this is a good time to remember the basics of e-mail safety. Don’t open e-mail from an unknown sender. Don’t open attachments that you are not expecting. Keep your AV up to date, along with your firewall. This may also be a good time to repeat these basics to your users and co-workers.

Because of the FBI’s proactive alerts and the media’s willingness to spread the message, it is hoped that the virus spread will be minimal.

How do you maintain your safety online?

More information:

Online Valentine cards may contain Internet worm, FBI warns (AFP)

E-mail carries love and viruses for Valentine’s Day (Information Week)

Gathering Storm Superworm Poses Grave Threat to PC Nets (Wired)

Massive Storm Outbreak Threatens Consumers (CSO Magazine)

9 comments
BALTHOR

They attack the joy of life. If they ever lost virus they just might start blaming themselves.

seanferd

I also understand that there is something out there surpassing Storm. I don't know if it has a new vector for Valentine's Day. Say, this blog wasn't here a little while ago. Fresh.

Tig2

What tools do you use to guard yourself from potentially perilous email? I personally don't send e-cards as I prefer to send an actual card. But I also ask friends who might send an e-card to please also send an e-mail letting me know that the card is coming from a legitimate source. Share your favorite way to stay safe online.

jcitron

I sent out a warning email on Monday regarding e-cards that said pretty much what was discussed in the article. This served as a reminder because my users are pretty tech-savvy and have been taught never to just open emails that they receive from the outside. So far this and our anti-virus suite have done an amazing job of keeping the malware at bay.

MGP2

"But I also ask friends who might send an e-card to please also send an e-mail letting me know that the card is coming from a legitimate source."

With the current trend of hacking legitimate sites to dispense malware, it's only a matter of time till an e-card site's actual content database gets hacked. If that happens, your friend's advance email saying "I sent you an e-card" may as well say "Happy Joining Bot World Day". ;-) I say, skip the card and send me a nice wish in an email.

Jessie

I'm bad. I had an AV on my home PC but it was slowing everything down so badly I had to take it off. Mostly I don't open emails from anybody I don't know. I don't send e-cards. I don't click on links in emails. If I want to go to a site, I'll google it first and see what comes up, or I'll type in just the site name. I don't pay any attention to ads anyway so really I'm not even tempted to go to many sites. And my kids don't get to go to any sites but the ones I've pre-approved and set up as a bookmark for them.

The Listed 'G MAN'

Raft of spam filtering software for the incoming - with AV scans on all mail (both ways).

For clicking a bad link... All machines run through a proxy that will not allow connections to 'bad sites', files or protocols that may harm the PC. This proxy is 1 of 2, the second being in the DMZ, the first on the LAN. Users should not reach the DMZ proxy server with a bad request; however, if they do, it too checks and blocks.

1 (LAN) is a modified IPCop installation within a VM - own IP address and network connection - authentication needed to access.

2 (DMZ) is a hardware firewall with URL scanning (+ more).

Both take updates from a DL list.

DNS - Use forward to OpenDNS so I can block access to domains based on category and personal blacklists.

Tig2

In the research I did for the article - much of which is included in the "More information" links - I discovered that in the early days of this particular virus, only four of 31 AVs it was run against would detect it. I believe that the list was Clam, Kaspersky, Symantec, and Trend. What makes this such a baddie is that it is part virus, part Trojan, and part rootkit. As much as I looked, I couldn't find a single page that told me how one would kill it. Your setup sounds like you'll not have much problem with it, even if it does try to get in.

The Listed 'G MAN'

People should be adding all the Valentine-related words to the spam filter NOW. It may stop these messages and hence links getting to the user's desktop. No legit business message will contain subjects like 'Secret Admirer'! Mind you, forum posts are just as susceptible as an e-mail message for delivery. EDIT - the 'ing' in 'adding' was missing
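
The subject-keyword rule suggested in the comment above, combined with the article's advice about unknown senders and links, as an added example that is not part of the original page or of any commenter's setup. The phrase list (apart from 'Secret Admirer'), the addresses, the sample messages and the `assess` function are constructed for illustration; the point it shows is that the subject must be decoded before matching, or an encoded 'Secret Admirer' header is missed.

```python
import re
from email import message_from_string, policy

# Assumption: illustrative phrase list; only 'Secret Admirer' is from the page.
LURE_WORDS = re.compile(r"secret admirer|valentine|e-?card|sweetheart", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def assess(raw, known_senders):
    """Return (verdict, reasons) for one raw e-mail message."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = []
    # policy.default decodes RFC 2047 encoded-words, so a Base64-encoded
    # subject is matched exactly like a plain-text one.
    subject = " ".join(str(msg["Subject"] or "").split())
    if LURE_WORDS.search(subject):
        reasons.append("lure-subject")
    addrs = msg["From"].addresses if msg["From"] else ()
    sender = addrs[0].addr_spec.lower() if addrs else ""
    if sender not in known_senders:
        reasons.append("unknown-sender")
    # A link in any text part (plain or HTML) counts.
    for part in msg.walk():
        if part.get_content_maintype() == "text" and URL.search(part.get_content()):
            reasons.append("has-link")
            break
    # Quarantine only when all three traits of the e-card lure are present.
    return ("quarantine" if len(reasons) == 3 else "deliver"), reasons

# Constructed sample: unknown sender, Base64-encoded "Secret Admirer" subject.
SAMPLE_LURE = (
    "From: Someone <card@ecard.example>\n"
    "To: user@corp.example\n"
    "Subject: =?utf-8?B?U2VjcmV0IEFkbWlyZXI=?=\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    '<a href="http://ecard.example/card">Open your card</a>\n'
)
# Constructed sample: same theme and a link, but from a known contact.
SAMPLE_FRIEND = (
    "From: Friend <friend@corp.example>\n"
    "To: user@corp.example\n"
    "Subject: Happy Valentine's Day\n\n"
    "Photos from dinner: https://photos.example/album\n"
)

if __name__ == "__main__":
    known = {"friend@corp.example"}
    for sample in (SAMPLE_LURE, SAMPLE_FRIEND):
        print(assess(sample, known))
```
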