Storm is not gone

On this quiet Sunday, one thing definitely worth mentioning is a new Storm campaign that was spotted in our traps about an hour ago. This time the social engineering technique combines adverts for alleged pornographic content hosted on a compromised server with a fake anti-spyware software installation.

The campaign is, as usual, seeded by a large number of email messages containing a link to the compromised web server. If the link in the Storm email is followed, a fake anti-spyware warning is displayed inside the browser window. The warning looks fairly similar to the genuine Windows alert and may entice the unsuspecting user to install the 'free' anti-spyware repair tool.

Soon after the initial fake warning, the download of the Trojan will be attempted.

Detection of this variant seems to be quite good across the AV industry. Sophos detects this variant proactively as Mal/EncPk-DA.

About the author

Vanja is a Principal Virus Researcher in SophosLabs. He has been working for Sophos since 1998. His major interests include automated analysis systems, honeypots and malware for mobile devices. Vanja is always ready for a good discussion on various security topics.