MoMusings

Random ramblings and musings about all things malware and related net-nasties...

Monday, 22 January 2007

Storm Worm Gang Have Been 'Very, Very' Busy

Since late Friday we've seen a number of 'waves' of new variants of the so-called 'Storm Worm' which I blogged about here [Archived].

The new variants have used some of the same subject lines and attachment names as the earlier ones. So, this is really just a quick update.

The new subject lines, not including the ones we've already seen, include:

  • A Little (sex) Card

  • A Romantic Place

  • A Special Kiss

  • All For You

  • Breakfast in Bed Coupon

  • Chinese missile shot down USA aircraft

  • Chinese missile shot down USA satellite

  • Fidel Castro dead.

  • First Nuclear Act of Terrorism!

  • For Better or Worse

  • For You

  • Happy World Religion Day!

  • Hey Cutie

  • Hugging My Pillow

  • Hugo Chavez dead.

  • I am Complete

  • I Believe

  • I Love You So

  • Moonlit Waterfall

  • Most Beautiful Girl

  • My Eye on You

  • Our Love Everyday

  • President of Russia Putin dead

  • Radical Muslim drinking enemies' blood.

  • Russian missle shot down Chinese satellite

  • Russian missle shot down USA aircraft

  • Russian missle shot down USA satellite

  • Sadam Hussein alive!

  • Sadam Hussein safe and sound!

  • Safe and Sound

  • Safe Wth You
  • So in Love

  • Someone at Last

  • The commander of a U.S. nuclear submarine lunch the rocket by mistake.

  • The Dance of Love

  • The Love Bugs

  • The Miracle of Love

  • The Mood for Love

  • The Supreme Court has been attacked by terrorists. Sen. Mark Dayton dead!

  • Third World War just have started!

  • U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel

  • U.S. Southwest braces for another winter blast. More then 1000 people are dead.

  • Vacation Love

  • Venezuelan leader: "Let's the War beginning".

  • Want to Meet?

  • We Are Different

  • We Have Walked

  • Window of beauty

  • With This Ring

  • Wrapped Up

  • You + Me

  • You're Soo kissable

  • You Asked Me Why


And the attachment names include:

  • Video.exe

  • Full Video.exe

  • Read More.exe

  • Full Text.exe

  • Full Clip.exe

  • Flash Postcard.exe

  • Greeting Postcard.exe

  • Greeting Card.exe

  • Postcard.exe


Here's a screenshot of one of the latest ones:



It also seems that the 'Storm Worm Gang' are testing their new creations against a number of anti-virus products, to ensure that they are not detected when they release them. They are also using new tools and techniques, including 'kernel level rookit drivers', which means that they are going to be harder to detect once installed, even if you updated anti-virus has a signature for them!

It appears that the frequency of new variants being launched is also increasing, so do not launch any attachments that you are not expecting and update your anti-virus at least once a day, as otherwise you will become a victim.

So, in those immortal words, "Be careful out there..."

Labels: ,

posted by Martin @ 14:08  

Digg! Slashdot Slashdot It! Save This Page

0 Comments:

Post a Comment

<< Home