The mammoth StormWorm botnet has left off its usual strategy of using news headlines to lure people into clicking on badsite links that result in their computers being hijacked and added to the botnet -- now it is using intriguing fictional events to bait its hooks:
The emails contain such headlines as 'Eiffel Tower damaged by massive earthquake' and 'Donald Trump missing, feared kidnapped.'
The bodies of the emails contain links which claim to provide further information on the story.
However, the links direct to a page designed to resemble adult video site Pornotube. When users click on one of the supposed video links on the page, an executable is launched which installs the Storm malware.
"This clever social engineering technique plays on people's inquisitiveness about news of natural disasters and celebrities," said McAfee researcher Kevin McGhee.
"The emails also follow the simple format of some text and a link that looks fairly harmless to the uneducated user."
The emails mark a deviation for Storm from its usual tactic of spamming articles and videos of current events and holidays.
Link
(via Beyond the Beyond)
“This clever social engineering technique plays on stupid people’s inquisitiveness about news of natural disasters and celebrities,” said McAfee researcher Kevin McGhee.
Quote fixed. Though if Donald Trump had been kidnapped I might be interested for a quarter of a second, until I had to click a link.
One wonders what’s going through the mind of someone who falls for this. “What the… “Paris Hilton assassinated by terrorists”. Gimme a look.. Wait a minute, that’s not… uh… hey, free porn! Awesome!”
I was about to take offense at the ‘stupid people’ part until I re-read the post.
A spam I received said “Beijing devastated by earthquake” and considering recent seismic activity in that area I think being inquisitive about it is quite normal.
I didn’t click on the link though, but went straight to Boing Boing to independently verify the news.
#3: Ok I’ll admit that me adding “stupid” to the quote might have been over the top in the case of natural disasters. But to try and find out about it via a spam email may be. Notice that you didn’t click on the email’s link….
‘Donald Trump missing, feared kidnapped.’
Define ‘feared’.
Bots run autonomously and automatically. I think the headline is misleading or implies Artificial Intelligence on the part of the bot. I think we should give “credit” to the bot herder(s).
“feared”/”hoped”… no dumping whatever.
Precisely!!! Distributed botnet authors are writing software in ways that are years (decades even) ahead of “professional” programmers. (I’m pointing my finger at all your Java weenies, here.) Continuing to program in imperative von Neumann style is like life on Earth trying to make bigger and more complex single-cell organisms. The solution, as evidenced by the Internet protocol stack is the equivalent of multicellular life on Earth. Expect cores, lots of them. Expect declarative distributed asynchronous message-passing concurrent programming. Botnet authors, like the ones who “attacked” Estonia, are way ahead of us on this… but they’re also only performing the most trivial tasks… the network programming equivalent of a fork bomb. But eventually, and soon, they’ll figure out the killer apps that will make all this “Web 2.0” junk look like COBOL.
This clever social engineering technique plays on stupid people who use Windows and Outlook Express and always click on any link in email.
Fixed the typo.
I’m using the last pay version of Eudora (under Mac OS 10.5.3) and even that ancient application knows enough to classify these spams AS spam.
I checked the junk folder and LO! There were several of them there.
On a lark, I clicked on the link, and an .exe file began downloading.
Some LOL-ing later, I killed the download. Not that letting it actually download would have done anything, but I need the hard drive space.
The problem lay with the white-collar business/university/professional centralized IT administration culture. It’s not like the old days of UNIX at Berkeley or MIT; it’s a relatively new bunch of jerks who combine the arrogance of sysadmins with the ignorance of pointy-haired-bosses. (They also constitute roughly 30% of the population of Slashdot… and they act like white people in the Americas bemoaning all of the “immigrants”.) Their mantra is that The Internet is Serious Business. And that’s the problem: command and control, in an environment conducive to spontaneous order.
What’s the solution? As I’ve alluded to above, disruptive innovation will have to run with, rather than fight against, the “hijacking” of email in the workplace. Accept that most people are this “stupid” and turn it to your advantage. As the saying goes, “When the wind blows some people build walls, others build windmills.”
Good comments ZuZu.
I give the thing 10 minutes before it has a breakdown and starts issuing email with the subject “Donald Trump damaged by massive earthquake.”
I’m a cruel b*st*rd – I have very little sympathy for people who get email from people they may not even know and click links without even checking where the links lead.
I give the thing 10 minutes before it has a breakdown and starts issuing email with the subject “Donald Trump damaged by massive earthquake.”
I doubt it is clever enough to really generate headlines rather than just pick from a set of predefined ones. Although “Eiffel Tower missing, feared kidnapped” would be pretty cool.
“Donald Trump kidnaps Eiffel Tower, earthquake feared?”
Who gets REAL news in their email from unknown sources? I have NEVER got a legitimate email about a news story, except from people I already know. Therefore I can safely assume that any “news” story that randomly shows up is spam, and belongs with all the penis enlargement and bizarre porn. I have to agree that clicking the link, no matter how enticing or important the story seems, is plain dumb. If it is something that I think MAY be legitimate, well, I’m already at the computer, so I can just google it if I am interested.
I’ve never been duped into opening one of these, but on one occasion I did get some legitimate news I was both unaware of and very interested in via these subject lines: the reunion of My Bloody Valentine.
“Headlines” I’ve gotten include:
Cindy Mccain Talks About Her Boobs
John Mccain Proposes Gay Marriage
Bush Down to 8 Friends on Myspace
Cristiano Ronaldo Disses Paris Hilton um Louro Mudo Feio!
Jesus Christ To Star In Next Series Of Batman
nazi Toddlers Ruined My Birthday
Iran Kicks America In The Nuts
World Leaders Gather To Roast Mahmoud Ahmadinejad
Bush Claims He Has Supernatural Abilities
For The Man Who Has Everything: Three Tits
Polar Bear Finds Yoga Great For Flexibility, But Murder On The Balls
Army Of Two, Dick Cheney And John Mccain Invade Iran
Donald Trump missing, feared kidnapped
McCain to ‘Match’ Obama With Tour of Epcot’s ‘World Showcase’
What Annoyed Us About The Olympic Opening Ceremony
Fox News Admits Grievous Error
New Economic Stimulus Package Inlcudes Goat
Nature Did Not Connect the Funny Bone to the Satire Bone
Nuts! Jackson Backs Neutering Stray Politicians
Four Horseman of the Apocalypse Split; ‘Pestilence to go Solo’
Scientist Prepare to Colonize Redneck Area
Advertisement feature; ‘Guess Who’ game now available on Blue-tooth
Pale, Hairless and Would Never Fit In Anyway
McCain Opposes Gay Adoption of Highways
McCain gives up fighting for presidency
Preliminary US Presidential election polls results here
Yeah. I’m not that stupid.