April 08, 2008

Storm Doesn't Need No Stinkin' Holiday

Storm email lures have recently been synchronized with events such as Thanksgiving, New Year's, St. Valentine's Day, and even April Fool's Day. Today a newly released lure to malware-loading sites started arriving under the guise of mash notes for the lovelorn. The email messages looked like the following:

Non-holiday Storm email message.

A number of variants of the Subject and body have been reported, all along the same lines. This time, however, the links point to domain names rather than numeric IP addresses.

If you click on the link, you are delivered to a page that looks like the following:

Non-holiday Storm web page.

Those who would be fooled into clicking on the big image or the link probably wouldn't get the joke being played on them—that the image is essentially transmitting its Storminess in neon lights. Instead, the potential victim might truly believe that the image is, rather, a video player, like the kind you see at YouTube.

The entire image is a link to one executable file (i.e., clicking on the "Play" button art is no different than clicking anywhere else on the image), while the text link is to a similar file with a slightly different name. Loading either file on an unpatched Windows machine is the same as enlisting your PC into the botnet army.
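A gateway or mail filter can catch a page built this way by checking where each link goes rather than what it looks like. The following is an added example, not code from the original post: it flags every anchor whose target is an executable, notes whether the anchor wraps an image, and records whether the host is a numeric IP or a domain name, so a rule keyed only to numeric-IP links does not miss this variant. The sample page, host names, file names, and extension list are constructed assumptions.

```python
from html.parser import HTMLParser
from ipaddress import ip_address
from urllib.parse import urljoin, urlsplit

# Assumed list of Windows executable extensions worth flagging.
EXECUTABLE_EXTENSIONS = (".exe", ".scr", ".com", ".pif")

# Constructed sample page; file names are placeholders, not from the post.
SAMPLE_PAGE = """
<html><body>
<a href="video.exe"><img src="player.gif" alt="Play"></a>
<p>Can't see it? <a href="video1.exe">Click here</a></p>
<a href="about.html">About</a>
</body></html>
"""

def is_ip_literal(host):
    """True when the URL host is a numeric IP address, not a domain name."""
    try:
        ip_address(host or "")
        return True
    except ValueError:
        return False

class LureLinkAudit(HTMLParser):
    """Collect anchors whose target is an executable download."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.findings = []
        self._open = None  # anchor currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "a" and attrs.get("href"):
            target = urljoin(self.base_url, attrs["href"])
            self._open = {"url": target, "wraps_image": False}
        elif tag == "img" and self._open is not None:
            self._open["wraps_image"] = True  # clickable picture, e.g. fake player

    def handle_endtag(self, tag):
        if tag != "a" or self._open is None:
            return
        link, self._open = self._open, None
        parts = urlsplit(link["url"])
        if parts.path.lower().endswith(EXECUTABLE_EXTENSIONS):
            link["host_is_ip"] = is_ip_literal(parts.hostname)
            self.findings.append(link)

def audit(html, base_url):
    """Return the executable-bound links found in html, resolved against base_url."""
    parser = LureLinkAudit(base_url)
    parser.feed(html)
    return parser.findings
```

Calling `audit(SAMPLE_PAGE, "http://lure.example/")` returns two findings, one for the image link and one for the text link, and leaves the ordinary `about.html` link alone.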

It's hard to convince recipients that they really don't have a secret admirer. If I had my way, anyone about to click on the email link would have a gigantic Monty Pythonesque claw hammer come crashing down on their heads.

Fake love hurts for real.

Posted on April 08, 2008 at 08:02 PM