Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - The ever morphing Storm InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

The ever morphing Storm

Published: 2007-07-09
Last Updated: 2007-07-09 12:11:29 UTC
by Mark Hofman (Version: 1)
0 comment(s)

Readers has been reporting emails with subjects such as:

  • Spyware Detected!
  • Malware Alert!
  • Virus Detected!

The Storm virus from the last week or so (greeting cards) has morphed into this new version.  Nothing new, the texts has changed somewhat and the subject line is different.  By en large it is still the same attempt to get people to download an exe file.

Auscert has put out an alert on this as there have been an increase of these messages in the region.

As per usual discourage users from blindly clicking links in emails.  Educate them on your corporate AV and AS practices so they will know that the message is not legit and even if you do block all these messages maybe raise awareness with staff so they don't fall for these types of messages at home.  Blocking downloads of exe files is also a good start.

A reader suggested a few keywords and/or phrases that could be used to identify the messages.
robotaccount will be blocked, also look for epidemic near the word worm.

 

Cheers

Mark H - Shearwater

Keywords:
0 comment(s)
Diary Archives