Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: The ever morphing Storm - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
The ever morphing Storm

Readers has been reporting emails with subjects such as:

  • Spyware Detected!
  • Malware Alert!
  • Virus Detected!

The Storm virus from the last week or so (greeting cards) has morphed into this new version.  Nothing new, the texts has changed somewhat and the subject line is different.  By en large it is still the same attempt to get people to download an exe file.

Auscert has put out an alert on this as there have been an increase of these messages in the region.

As per usual discourage users from blindly clicking links in emails.  Educate them on your corporate AV and AS practices so they will know that the message is not legit and even if you do block all these messages maybe raise awareness with staff so they don't fall for these types of messages at home.  Blocking downloads of exe files is also a good start.

A reader suggested a few keywords and/or phrases that could be used to identify the messages.
robotaccount will be blocked, also look for epidemic near the word worm.

 

Cheers

Mark H - Shearwater

Mark

391 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!