Topic: Beware Olympic Spam Bearing Storm Worm

[Samker]

Beware of e-mails with sensational Olympic subject titles. They will likely contain a form of malware called Storm that infects computer systems, according to enterprise security firm, Secure Computing.

The firm has warned that headlines could range from being political in nature, such as "President Bush calls for Olympic boycott", to mails with disaster themes, for instance, "Bird flu breaks out in Beijing."

There has been an increase of about 360 million spam messages pertaining to the Olympics, said Benjamin Low, Managing Director, South East Asia and India, Secure Computing. "Spammers are continuing to use current events like the Olympics to entice end users into responding or clicking on links whose sole purpose is to download malware."

Low said the excitement over seeing a video of breaking news from the Beijing Olympics can encourage cautious users to lower their suspicions and open the door to a world of trouble.

"Once the user clicks through the mail and then goes to the website, they will be led to the page where it contains links to a supposed video that actually downloads the Storm worm "Worm.Zhelatin.zc"," he said.

The Last Video for Your PC

The body of the message contains a short text paragraph with a link to a fast-fluxing Storm domain. These domains will change their actual IP addresses on a constant flux and pointing to compromised botnet computers. Users will then be lead to a website that prompts one to click onto a video.

"The shown video player is just a simple image called "mov.gif" and there is no video at all. All you get is the actual Storm malware executable named "beijing.exe" if you click the image," added Low.

But a closer look at the source code of the web page reveals that a hidden IFRAME pointing to an exploit script called "ind.php" which tries to stealthily leverage several known vulnerabilities to install the malware on not fully patched computers.

Tips to Avoid Trouble

Low has offered the following steps to help prevent users from getting infected.

-- Treat unsolicited mail with linked websites or attachment with suspicion.

-- Resist the temptation to click through to the website and download information or open the attachment.

-- Send any suspicious looking email or websites to the IT department.

-- Once you are aware that your computer is compromised, report the problem to the IT department immediately.

For the network administrators and information security experts, they have to educate their users about the dangers of email and downloading of information from website, advised Low.

"Ensure that all users are protected with the latest anti-malware solution and install the latest web security solution," he added. "And last but not least, always back up on all the programs and data."

News Source: PC World