Watch out! The Storm worm, loves the holidays. So don’t dare to open that ‘New Year Greeting’ from an unknown sender in your inbox.
It may be an internet worm that will clog your mail box, send spam to your friends from your ID and slow down your computer.
It is one of the most deadly internet worms and is expected to reappear embedded as a self-executing file in e-mailed New Year greetings. The greetings if opened on January 1, can wreak havoc in the cyber world.
Security researchers have found that the Storm virus is ringing in the New Year with a fresh wave of attacks. This time, the notorious botnet is recruiting new members with a greeting spam.
Subject lines include: "A fresh New Year", "As the New Year…", "As you embrace another New Year", "Blasting New Year", "Happy 2008", "It’s the new year", "Joyous new year", "New Hope and New Beginnings", “Happy New Year and someones name”, “Happy NY(random name)”, "New Year Ecard", "New Year Postcard", "Opportunities for the New Year", "Happy New Year to You", “New Year Ecard”, "Happy New Year to (email address)", "Lots of greetings on the New Year", "New Year Wishes for You."
The e-mails then attempt to direct users to a malicious Web site called uhavepostcard.com. A blog post by anti-virus firm F-secure warns that while the site remains free of exploits (for now), the spam will likely be a precurser to a New Year’s Eve-themed Storm attack.
The central government’s Indian Computer Emergency Response Team has issued advisories to all Internet Service Providers in India: VSNL, MTNL, Sify, Bharti and Reliance, telling them that storm worm variants have already begun circulating abroad. CERT sources told HT that the ISPs had been advised to block access to the domain “uhavepostcard.com”, “happycards2008.com” and “merrychristmasdude.com” which were found to be hosting variants of the storm worm.
The infected e-mails carry a link to the above-mentioned domains. Merely opening the e-mail and clicking on the link that says “click here to read the greeting sent to you by XYZ” takes you to the website hosting the malicious worm which downloads itself.
CERT experts have advised ISPs to block these sites and install anti-worm patches to prevent them from taking users to the malicious websites. As an internet user, the smart thing to do when you receive a mail with these subject lines is to simply delete the mail without opening it, say internet security experts.
This wave of New Year’s spam follows shortly on the heels of a widely distributed Christmas attack, which was delivered December 24, featuring a Santa Clause-themed striptease to entice users to visit merrychristmasdude.com.
Subject lines for this holiday spam included: "I love this Carol" "Santa said, HO, HO, HO" "Christmas Email" "The Perfect Christmas" "Find Some Christmas Tail" "Time for a little Christmas Cheer."
Security researchers recommend that individuals make use of their spam filters to block the malicious domains for both incoming email and outbound web traffic. And, as always, security professionals advise against opening e-mails from an unknown or unsolicited sender.