Security firm Sophos Inc said the spam messages sent during the offensive carried titles such as "Amazing firework 2008", "Celebrating Fourth of July", "Light up the sky" or "Spectacular fireworks show".
These spam emails contain links to a malicious website run by the hackers. On visiting this website, users are asked to download a video file: "panoramic shooting of national celebrations on the national day and the biggest fireworks festival held just before the national day. If you want to witness these fireworks, please click download and open the video file below".
This file is named "fireworks.exe". If the user agrees to download it, what they receive is not footage of a fireworks festival but the dangerous Storm computer worm. The main purpose of this worm is to "kidnap" the user's PC and add it to the list of PCs the hackers have already abducted, which together make up the Storm botnet.
Hackers frequently use this network to launch Storm attacks and other forms of malicious attack, as well as phishing attacks and attacks on websites.
Not only Sophos but other security companies like F-Secure, SANS Internet Storm Center and Trend Micro have warned users about "the return of Storm".
Storm is famous for taking advantage of events of public interest to spread. Since it was discovered, no event has escaped Storm's attention, from Christmas and the New Year to the 2008 Beijing Olympics.
About the Storm Worm
Storm Worm is the name given to this malware by F-Secure. It was first discovered on January 17, 2007. Storm Worm also has other names, such as Trojan.Peacomm (Symantec), Trojan.Peed or Trojan.Tibs (BitDefender), Troj/Dorf or Mal/Dorf (Sophos), and W32/Nuwar@MM or Downloader-BAI (McAfee).
It became known as Storm Worm because on Friday, January 19, 2007 it successfully infected thousands of PCs in the United States and Europe through a "230 dead as storm batters Europe" spam attack.
During that weekend alone, six consecutive Storm Worm attacks took place. As of January 22, 2007, Storm Worm accounted for 8% of the total number of infected computers worldwide.
Storm Worm is a type of backdoor Trojan that targets the Windows operating system. Once it has infected a PC, it opens a backdoor to connect and receive remote control commands or to download more malicious code to the infected computer.
In addition, security firm Symantec said that Storm Worm also installs a dangerous rootkit on the infected PC, which hides itself from detection by security software.
All PCs infected with the Storm Worm are joined into a botnet. Unlike other botnets, which are controlled from a central server, Storm Worm connects and controls PCs through peer-to-peer connectivity, making it difficult for the botnet to be detected and eradicated. It is estimated that this network now contains up to millions of PCs.