April Fool’s Day not so funny for Storm victims

By Isabelle Chaize

This April Fool’s Day saw a new offensive launched by the now infamous Storm worm.

The attack makes use of greetings cards sent by email to trick users into downloading and launching the Trojan.

Users are told, on receipt of a spam message, that they have been sent an online April Fool’s Day card.

When they cloick on the link in order to open their card, they are redirected to a numeric URL, and a page which immediately starts trying to download an executable file.

The file contains malicious code designed to link the victim’s computer to the already massive Storm botnet.

The Storm malware nework updates the software on its component machines and instructs them via peer-to-peer networks to carry out further damaging actions.

Jose Nazario, senior security engineer at Arbor Networks, said that he thought the offensive was a recent one, indicating on a blog today that it ‘appears to have started in the past few hours, and reports indicate it was in preparation for the past 24 hours or so’.

This is not a new method of attack. The Storm writers have been capitalising on holiday seasons to send spam greetings cards since the creation of the botnet, with Valentine’s Day and New Year’s Day recent examples of spates of attacks.

Storm is well-known in the IT world as one of the longest-running and most extensive botnets. Some researchers are worried that it is becoming ever more sophisticated, and that it could soon be used as a template for future worms.

It is also feared that other criminal groups have rented out the network on order to carry out phishing attacks on the huge target audience afforded by the widespread botnet.