MoMusings

Random ramblings and musings about all things malware and related net-nasties...

Monday, 24 December 2007

Don't Let Mrs. Santa Get Her Claus...

...In To Your Computer This Christmas.

I knew that the so-called Storm-Worm Gang couldn't resist using Christmas as a way to get you to infect your own computers. They just left it to the last minute, knowing that most anti-virus companies have already published their 2007 end of year reports, and would have picked up on the lack of Storm Worm runs during December as part of their analysis. I suppose that will teach them to publish end of year reports before the actual year has ended?

Some odd e-mails started arriving very early this morning [UK Time]. Here's a screenshot of what just one of these looks like now:



The body text can be one of a number of text strings, and the link is, at the moment and unusually for the Storm Worm Gang, an actual domain name rather than the more usual IP address based link.

Of course, when you click on the link you go to a very professional looking site, complete with falling snow! Here is a screenshot of the web page you could end up on if you click on the link in one of these Christmas themed e-mails.



Usually, the websites used by the Storm Worm Gang are loaded with exploit code so that any vulnerable systems get automatically infected. However, in this case [so far], they are just using social engineering to get you to infect your own computer by clicking on the link or graphic and running the file.

As I've often mentioned here, the 'Bad Guys and Girls' seem to be using social engineering as their primary tool to try and get you to infect your own computer, so be very careful and make sure your system is fully patched and protected if you must let curiosity get the better of you...don't make their job even easier.

Just to make it crystal clear, the file offered on this site will NOT show you a seasonal 'Strip Show'; the only one getting stripped will be your computer! It may well be stripped of any useful personal and/or financial data, and be turned into a zombie [bot infected computer that is part of a botnet].

At the time of publishing this entry, detection was still very patchy, with many of the top anti-virus products not detecting the malware-laden file ['stripshow.exe'] as infected. You have been warned.

I would like to wish you all a very happy but safe Christmas...

I will be posting the November Malware Review before the end of December, apologies that it is later than planned, but there have been other work and issues taking up my time.

A YouTube video of the site showing the full effect of the website is now available here.
