Tuesday, November 11, 2008


New Storm worm subject lines

The “Storm” worm is so named because it initially lured its victims with subject lines about horrific storms in Europe and Asia. Clicking the “video” link in the message or running the attachment has you install a “video player” to see the purported news item. Of course, it’s not a video player, but malware that will turn your computer into a zombie.

The subject lines soon varied from the original storm-related ones, with headlines such as “White House In Flames” and “Plane Crashes Into Eiffel Tower”. Well, there’s a new crop; I got these today (click to see the full image, and note the first and third items):

Frisky070802 said...

I'm assuming that's a gmail snapshot. I noticed a lot of mail from "me" in my spam folder. Sure makes it easy to know it is truly spam. Why on earth would they forge my own address as sender and recipient?

Barry Leiba said...

Yes, gmail, with a plug-in that changes the look & feel a bit.

Spam has a long history of using the recipient's own address as the "from". Presumably, they figure that spoofing that will more likely get the messages through the company's or ISP's filters, and they might be right. They're clearly not aiming that sort of thing at the user (you certainly would be less likely to trust mail that said it was from yourself, if that mattered), but at the mail system's filters.

Back when we had crappier spam filters than we do, my own filters set the "very, very suspicious, indeed" flag, and those filters are still running.

Of course, the thing is that one occasionally does send email to oneself.

Frisky070802 said...

True, one might mail oneself. The nice thing is that gmail can tell if it came from itself or the outside and categorize appropriately.
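The filtering idea in the comments above (treat mail whose "from" matches the recipient as suspicious unless the mail system can tell it came from inside), sketched as an added example; it is not code from the post or its commenters. It assumes the receiving server stamps an RFC 8601 `Authentication-Results` header with a DMARC result; the authserv-id `mx.example.org`, the addresses and the sample messages are constructed.

```python
from email import message_from_string
from email.utils import getaddresses

TRUSTED_AUTHSERV = "mx.example.org"  # assumption: authserv-id of our own receiving MTA

def _addrs(msg, *fields):
    values = [v for f in fields for v in msg.get_all(f, [])]
    return {addr.lower() for _, addr in getaddresses(values) if addr}

def _authenticated(msg):
    """True only if our own MTA recorded dmarc=pass (RFC 8601 header)."""
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # written by some other host, possibly the sender: ignore
        if any(r.strip().lower().startswith("dmarc=pass") for r in results.split(";")):
            return True
    return False

def classify(raw):
    msg = message_from_string(raw)
    if not _addrs(msg, "From") & _addrs(msg, "To", "Cc"):
        return "not-self-addressed"
    return "self-sent" if _authenticated(msg) else "suspicious-self-spoof"

# Constructed sample messages (not taken from the post).
SPOOFED = (
    "Authentication-Results: mx.example.org; spf=fail smtp.mailfrom=bulk.invalid;\n"
    " dmarc=fail header.from=example.org\n"
    "Authentication-Results: relay.bulk.invalid; dmarc=pass header.from=example.org\n"
    "From: user@example.org\nTo: user@example.org\nSubject: breaking news video\n\nbody\n"
)
GENUINE = (
    "Authentication-Results: mx.example.org; dkim=pass header.d=example.org;\n"
    " dmarc=pass header.from=example.org\n"
    "From: User <user@example.org>\nTo: user@example.org\nSubject: note to self\n\nbody\n"
)
OTHER = "From: friend@example.net\nTo: user@example.org\nSubject: hi\n\nbody\n"

if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED), ("genuine", GENUINE), ("other", OTHER)]:
        print(name, "->", classify(raw))
```

Only the header written by the trusted server counts, so a `dmarc=pass` line that arrives already inside the message does not clear it.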

Lisa Simeone said...

Good grief, do people still actually click on this stuff?? I don't understand it. With all that we know about spam and malware, even the most technological know-nothings among us (me) know enough not to download this shit to their computers.

Maybe we should give out tickets, like we do for traffic, and make the ne'er-do-wells pay a fine. That oughtta change their behavior.

Barry Leiba said...

People do still click it — at least, enough do that they can get botnets of millions of computers.

As to "fines", I actually suggested, in a speech a couple of years ago in DC to a bunch of service providers, that they require certain vulnerability protection of their customers, and block them from the network if their computers don't comply.

The techies I spoke to, of course, thought that was an interesting idea. But I bet I know the answer their execs gave if any of them mentioned it to them. No one is willing to cut their customers off at the knees, even though zombie customers cost the service providers more than they pay.