Monday, August 04, 2008
New version of Storm Worm spread by fake article on FBI and Facebook
There is a new warning about a spam email circulating that tries to get the visitor to click on a link to a web page describing an investigation of Facebook by the FBI (specifically called “F.B.I. vs. Facebook”). The webpage loads a virus that connects the user to a Storm Worm botnet that causes the visitor to download the worm, likely spreading the email to other users as well as allowing information on the computer, such as passwords and customer information, to be stolen. An earlier version of the worm had spread a holiday greeting E-card.
The FBI has a user-language discussing of how botnet worms and “botherders” work here in a June 13 2007 press release.
The news story about the recent virus attack, "Storm Worm appears in Computer World," is authored by Todd R. Weiss, is titled “FBI Warns of New Storm Worm Attacks,” July 30, 2008, link here
SC Magazine has a story by Sue Marquette Poremba, "Storm Worm leverages FBI and Facebook in new attack," link here.
Hopefully ISPs like AOL are detecting this email now as spam.
It is particularly scary that visiting a website can download a virus. This is a problem unknown until about 1999 (at one time, all viruses had come from email attachments and diskettes). This issue has been seen with “fake anti-virus” software which sometimes appears on foreign servers with fake story names that show up in search engines. Web surging tools like McAfee SiteAdvisor and “Web of Trust” should be able to flag these web sites with warnings on search engines. McAfee Site Advisor will intercept a web visit to a site rated yellow or red and allow the visitor to check a suspicion report before visiting the site.
Visitors should use site advisers or at least preview the embedded links in emails before clicking on them, particularly those from unfamiliar sources.