Storm malware posing as fake security warnings

The Storm malware is using yet another trick in its endless push for world domination. Two weeks ago Storm passed itself off as a greeting card from family members to trick people into clicking on malicious URLs in their email inbox. Last week it tried to use patriotic messages to dupe people into getting infected.

The latest trick? Emails made to look like security alerts.

Here’s what the F-Secure blog is saying about it:

“The same gang that has been sending out malicious links in emails looking like greeting cards or 4th of July greetings have now added a new look and feel of the email. Now they can also look like malware, trojan or spyware alerts from Customer Support Center and the email talks about abnormal activity that has been seen from your IP address. All you have to do is to click on the link and run the file to fix it or else your account will get blocked. Needless to say the downloaded file is malicious.

“Again the file is downloaded using an IP address and not a DNS name but this time around though they’ve tried to disguise with a text hyperlink. We detect the downloaded file as Packed.Win32.Tibs.ab.”

As we’ve written many times before, the best defense against this is to delete emails from sources you don’t know or trust, and to teach youngsters that opening email from strangers is the same as taking candy from strangers.

The SANS Internet Storm Center had this advice about the latest Storm threat:

As per usual discourage users from blindly clicking links in emails. Educate them on your corporate AV and AS practices so they will know that the message is not legit and even if you do block all these messages maybe raise awareness with staff so they don’t fall for these types of messages at home. Blocking downloads of exe files is also a good start.

Good words of wisdom.
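
The trait F-Secure describes, a link that goes to a bare IP address while the visible text hides it, can be checked for at a mail gateway. The Python sketch below is an added example, not code from this post, F-Secure or SANS; the sample message, the `patch.exe` file name and the function names are constructed for illustration.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample body; 192.0.2.10 is a documentation address (RFC 5737).
SAMPLE = ('<p>Abnormal activity was seen from your IP address.</p>'
          '<a href="http://192.0.2.10/patch.exe">Click here to fix</a> '
          '<a href="http://www.example.com/help">Help</a>')

class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> element in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def ip_host(url):
    """Return the URL's host when it is an IPv4/IPv6 literal, else None."""
    try:
        host = urlsplit(url).hostname or ""
        ipaddress.ip_address(host)  # raises ValueError for DNS names
        return host
    except ValueError:
        return None

def flag_links(html_body):
    """Report links that point at a bare IP address instead of a DNS name."""
    collector = LinkCollector()
    collector.feed(html_body)
    findings = []
    for href, text in collector.links:
        if (host := ip_host(href)):
            findings.append({
                "href": href,
                "disguised": host not in text,  # link text hides the address
                "exe": urlsplit(href).path.lower().endswith(".exe"),
            })
    return findings
```

`flag_links(SAMPLE)` returns one finding, for the IP-address link, with both `disguised` and `exe` set; the `exe` field corresponds to the SANS suggestion of blocking exe downloads.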