Valentine’s Day is here and whether we like it or not, there’s a lot of love in the air. Love spreads like a virus and just like love there’s an ugly counterpart spreading. Your mail box might be full of Valentine’s wishes from friends, lovers and perhaps even secret admirers, but you should be cautious when you find such romantic messages from unknown senders. According to security firm MicroWorld Technologies, the Storm Worm has begun a new round of attacks.
Since the early hours of Tuesday, emails pointing to IP addresses hosting the Storm Trojan were being sent out in bulk. In fact, even security firm F-Secure warned Internet users about the return of the Storm Worm.
The subject lines of the virus-infected mails are all love and Valentine’s Day related ones, thus internet users should exercise caution when opening emails especially from unknown senders. Examples of subjects include “Just You” and “Love Rose”.
Once the unsuspecting users clicks on the link inside the mail, a new page opens and some deceptively cute images of cupids, two interlocking hearts, a chubby pig wooing his mate and a heart that just got recovered from a series of breakups are displayed.
But, don’t even be fooled by these seemingly rosy images because soon the unsuspecting users is prompted to download a file named Valentine.exe, which is nothing but the mask for the Storm variant ‘Zhelatin.ve’. Once clicked, just like any other Storm Worm, Zhelatin.ve opens up a to and fro communication channel with its creators that allows them to control the compromised computer and relay malware laden messages and spam.
According to Govind Rammurthy, CEO of MicroWorld Technologies, “There are so many people out there who believe that their prince in shining armor or the charming Cinderella of their fantasy land will come alive from nowhere in the second week of February. And there’s no harm in it unless you want to click on every love message appearing in your mail box. The problem is there’s a tendency among people to lower their levels of discretion during occasions like this and Virus writers have been successfully exploiting this human vulnerability year after year.”
Since the beginning of 2007, the Storm Worm has become a huge issue. According to MicroWorld Technologies, it initially came as attached ‘exe,’ but in the last quarter of the year, the worm changed pace and came with messages containing links to malware hosted on fast-flexing IPs.
“The advantage of this method is that since it’s a hosted file, they can change the malicious code as and when they want. This enables them to churn out variants at will without having to take the pains of resending the emails again. The people behind the Worm have so far managed to build a huge botnet containing millions of computers owned by unsuspecting victims and they are in no mood of a let-up at all, as evident with these attacks occurring at regular intervals,” Govind points out.
MicroWorld Technologies has outlined some precautionary measures for Internet users: