Storm worm e-mail says U.S. attacked Iran

The criminal hackers behind the Storm worm botnet are once again using political social engineering to expand their network of compromised computers.

Recent e-mails stating that the U.S. has already attacked Iran and, in some cases, also offering links to a video purportedly from a soldier, are not to be believed, according to Websense. The security vendor said in an advisory Wednesday that it has linked the provocative e-mails to the Storm worm.

Storm got its name because it first took advantage of a huge winter storm in Northern Europe in early 2007. Since then, it has used a variety of social engineering tricks, including the use of political themes, to get unsuspecting users to open its malicious payload.

This time Storm is offering form.exe and iran_occupation.exe as executable payloads.

Acording to Dancho Danchev over at ZDNet, the latest iteration of Storm appears to be using the following domains:

  • statenewsworld . com
  • morenewsonline . com
  • dailydotnews . com
  • dotdailynews . com
  • newsworldnow . com
A link from one of the Storm worm e-mails leads to this page. Websense