Unwanted e-card conceals a Storm
Don't download it - as if you needed to be told...
There's a new version of the Storm Trojan on the loose, disguised as an e-postcard but actually recruiting zombies for a botnet, according to the SANS Institute's Internet Storm Centre.
The attack arrives as a spam with the subject line "You've received a postcard from a family member!" and contains links to one of several malware hosting sites, said SANS researcher Lorna Hutcheson in a SAN ISC security alert. The interesting part is just how multi-layered the attack is - it uses several different exploits, both technical and social.
The aim is to get the user to download a Trojan. If executed, this calls home to a malware hosting server which SANS says has been active since December 2006, and attempts to install zombie software. That then ties the PC into a spam botnet.
Perhaps the most dangerous part is that, when SANS ran it through 30 different anti-virus programs, only a quarter of them picked up ecard.exe as a suspect download.®
Sponsored: Customer Identity and Access Management