The newest method being widely used to trick people into infecting themselves with the Storm Worm is e-mail about various "club" memberships. These e-mails typically contain a member number, a login ID, a password ID, and a link to the malicious site. Here is an example:
_____________________________________________________________
New Member,
Here is your membership info for Pet World.
Member Number: 11454551194824
Login ID: user3262
Password ID: xg341
Please Change your login and change your Login Information.
Click here to enter our secure server: Pet World
Welcome,
Technical Services
Pet World
_____________________________________________________________
Clicking the link in the e-mail offers an "applet.exe" file for download, which is a clear sign of the Storm Worm. The best security practice is to delete these e-mails and never click links from an unknown source.
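A mail-gateway heuristic for the lure described above, as an added example that is not part of the original post: it parses a message and flags it when all three credential labels from the sample appear together with a link. The sample messages, their addresses and the `score_message` name are constructed for illustration.

```python
import re
from email import message_from_string, policy

# Labels the lure places in the body (taken from the sample e-mail in the post).
LURE_FIELDS = {
    "member_number": re.compile(r"member\s+number\s*:\s*\d+", re.I),
    "login_id": re.compile(r"login\s+id\s*:\s*\S+", re.I),
    "password_id": re.compile(r"password\s+id\s*:\s*\S+", re.I),
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)
TAG_RE = re.compile(r"<[^>]+>")

def body_text(msg):
    """Return (visible text, urls) gathered from every text/* part."""
    text, urls = [], []
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        content = part.get_content()
        urls += URL_RE.findall(content)        # also catches href="..." values
        text.append(TAG_RE.sub(" ", content))  # drop HTML tags before matching labels
    return "\n".join(text), urls

def score_message(raw):
    """Flag a raw RFC 822 message that matches the membership lure pattern."""
    msg = message_from_string(raw, policy=policy.default)
    text, urls = body_text(msg)
    hits = sorted(name for name, rx in LURE_FIELDS.items() if rx.search(text))
    # All three credential labels plus at least one link is the pattern in the post.
    return {"fields": hits, "urls": urls, "suspect": len(hits) == 3 and bool(urls)}

# Constructed sample modelled on the e-mail quoted above (hosts are placeholders).
SAMPLE_LURE = """\
From: services@petworld.example
Subject: Member Details
Content-Type: text/html; charset=utf-8

<p>Member Number: 11454551194824<br>Login ID: user3262<br>Password ID: xg341</p>
<p>Click here to enter our secure server: <a href="http://lure.example/">Pet World</a></p>
"""

# Constructed benign message: one matching label and a link, so it is not flagged.
SAMPLE_BENIGN = """\
From: it@corp.example
Subject: Password reset
Content-Type: text/plain; charset=utf-8

Your Login ID: jsmith was reset. Visit http://intranet.corp.example/reset
"""
```

A flagged message is a candidate for quarantine and review, not proof of infection; the "applet.exe" download mentioned above would have to be caught separately at the web proxy or endpoint.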
References:
SANS Internet Storm Center
http://isc.sans.org/diary.html?date=2007-08-21
Posted by Kitch Spicer on August 23, 2007, in Handlers Log.