Storm Wishes You a Happy New Year!

In keeping with form the gang responsible for the Storm Worm (and its many variants) has been releasing updates to correspond with the New Year holiday coming up next Tuesday (they also released some Christmas joy as well on Christmas eve for those who wanted early "presents").

They've been changing domains linked to in the email that is directing you to the malware download. So far we have seen:

happycards2008.com

newyearcards2008.com

happynewyearcards2008.com

uhavepostcard.com

All of the above sites are currently active except for happynewyearcards2008.com which appears to be offline.

If the link in the email is clicked it takes you to a site where it tells you that your download will begin shortly (actually it is scanning for vulnerabilities for it to exploit on your PC) and that if your download doesn't start to click to download the file manually. When the link is clicked the malware is downloaded so that people can infect themselves. This is akin to other Storm Worm variants which operated in a similar fashion.

The downloaded file is changing names also. Currently the file is happynewyear2008.exe, but previous variants have downloaded happy2008.exe, happy-2008.exe, and happynewyear.exe.

Have a Happy New Year, but don't party with the Storm Worm Gang!

Posted by smasiello at 1:18 PM | Link | 0 comments

No comments found.