29 July 2008
After the US vs. Iran Dorf (Storm) spam campaign, the malware authors took a short break and the botnet stopped sending its regular campaigns.
Starting a week ago, the authors renewed their attacks and have published 3 campaigns within the last 8 days. On the 21st, we saw a campaign for the new currency Amero (the North American version of the Euro). On the 24th, the often-seen "loveyou" postcards campaign was launched.
This morning (28th) at 0630 PST, the malware authors launched an FBI vs. Facebook spam campaign. A capture of the latest Dorf website is below, where the link points to the malware executable fbi_facebook.exe:
added July 29, 2008 at 09:41 am
US-CERT is aware of public reports of a new Storm Worm campaign. The latest campaign is centered around messages related to the Federal Bureau of Investigation and Facebook. This Trojan horse virus is spread via an unsolicited email message that contains a link to a malicious website. This website contains a link that, when clicked, may run the executable file "fbi_facebook.exe" to infect the user's system with malicious code.
Reports, including a posting by Sophos, indicate the following email subject lines are being used. Please note that subject lines can change at any time.
F.B.I. may strike Facebook
F.B.I. watching us
The FBI's plan to "profile" Facebook
The FBI has a new way of tracking Facebook
F.B.I. are spying on your Facebook profiles
F.B.I. busts alleged Facebook
Get Facebook's F.B.I. Files
Facebook's F.B.I. ties
F.B.I. watching you
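Because the subject lines can change, a triage check is more useful when it pairs a subject theme match with the executable name seen in web proxy logs. The following is an added example, not code from US-CERT, Sophos or the original post; the log record layouts, user names and documentation-range addresses are constructed assumptions.

```python
import re
from email.header import decode_header, make_header
from urllib.parse import urlparse, unquote

CAMPAIGN_FILE = "fbi_facebook.exe"  # file name given on the page
# Constructed mail-gateway records (not real telemetry): (recipient, raw Subject)
MAIL_LOG = [
    ("alice", "F.B.I. may strike Facebook"),
    ("bob", "=?utf-8?q?The_FBI=27s_plan_to_=22profile=22_Facebook?="),
    ("carol", "F.B.I. watching you"),
    ("dave", "Facebook: you have a new friend request"),
]
# Constructed proxy records: (user, requested URL), documentation addresses only
PROXY_LOG = [
    ("alice", "http://203.0.113.7/fbi_facebook.exe"),
    ("carol", "http://198.51.100.9/files/FBI_Facebook.exe?id=1"),
    ("dave", "http://example.com/facebook.html"),
]

def subject_words(raw_subject):
    """Decode RFC 2047 encoding, lower-case, collapse 'F.B.I.' to 'fbi'."""
    text = str(make_header(decode_header(raw_subject))).lower()
    text = re.sub(r"\b(?:[a-z]\.){2,}", lambda m: m.group(0).replace(".", ""), text)
    return set(re.findall(r"[a-z]+", text))

def subject_hit(raw_subject):
    """Theme match: the subject mentions both the FBI and Facebook."""
    return {"fbi", "facebook"} <= subject_words(raw_subject)

def download_hit(url):
    """True when the requested file name is the campaign executable."""
    name = unquote(urlparse(url).path).rsplit("/", 1)[-1]
    return name.lower() == CAMPAIGN_FILE

def triage(mail_log, proxy_log):
    """Map each user to the set of indicators seen for them."""
    seen = {}
    for user, subject in mail_log:
        if subject_hit(subject):
            seen.setdefault(user, set()).add("subject")
    for user, url in proxy_log:
        if download_hit(url):
            seen.setdefault(user, set()).add("download")
    return seen

if __name__ == "__main__":
    for user, hits in sorted(triage(MAIL_LOG, PROXY_LOG).items()):
        print(user, sorted(hits))
```

In the sample data, carol's subject ("F.B.I. watching you") never mentions Facebook, so the theme match misses it and only the proxy record flags her; users with both indicators are the ones to check first.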
US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks: