Security firms warned users this week to watch out for the Storm Worm after online fraudsters revised the malicious software with a Christmas hook.
The fraudsters behind the crime-focused program began sending out a massive wave of e-mail messages over the weekend with subject lines such as "Season Greetings" or "Looking for something hot for this Christmas." In reality, the messages lead to a hostile Web site, according to advisories by antivirus firm McAfee, security firm Symantec and other antivirus companies. The Web site, which sports a woman clad in revealing Christmas wear, attempts to infect the visitor's PC with the latest version of the Storm Worm, also known as Nuwar and Peacomm.
The program's authors continue to focus on adding exploits that take advantage of third-party applications, Roger Thompson, founder of Exploit Prevention Labs, stated on his blog.
"This is kind of interesting, and either means that Microsoft is patching faster than the exploits are coming out, or 3rd parties are not patching fast enough, or perhaps both," he wrote on Monday.
The Storm Worm caught the attention of antivirus researchers nearly a year ago and, due to ongoing development efforts by its authors, has continued to be an effective way to create and expand botnets. The program originally attempted to overwhelm antivirus software by creating so many variants -- releasing hundreds or thousands every week -- that virus analysts would be swamped. Later versions married the software to spam networks to more effectively find victims. The software authors have also built in a system that can attack back at investigators who attempt to find infected computers.
It's unknown whether the program's latest attack has been successful. Subject lines include "Merry Christmas To All," "Warm Up this Christmas," "Mrs. Clause Is Out Tonight!" and "The Twelve Girls Of Christmas."
The Storm Worm is called Nuwar by McAfee and Peacomm by Symantec, the owner of SecurityFocus.
Posted by: Robert Lemos