New Storm Trojan tactic uses football game tracker as bait
The authors and promulgators of the Storm Trojan are very devious and criminally clever people. Every month they seem to completely change the nature of the scams used in the spam emails sent from already infected computers. Each new scam uses a different type of social engineering to deceive spam recipients into clicking on the (numeric) link embedded in those messages. Usually the links are shown as numeric, but lately some conceal the destination until you hold the mouse over the link, at which point you will see a numeric URL. An example of a numeric URL would be: http://127.0.0.1/. The same link wrapped inside a friendly name might appear as the words "devious words," which lead to the same numeric destination when you mouse over the link. The destinations in my examples go to your own computer, at 127.0.0.1 (local machine), for safety's sake.
Earlier this summer the trick most widely used was the postcard scam. Now they are kicking it up a notch and appealing to sports fans' curiosity to fool them into infecting themselves. With the US professional football season kicking off this month (pun intended), the criminal minds authoring the Storm Trojan email scams have unleashed a series of new messages, all aimed at enticing football fans into downloading a so-called "game tracker." As with all of the previous Storm Trojan payloads, this one resides inside infected computers onto which a web server has been installed. If you click on the link in the scam email you will see a real web page containing all kinds of descriptions and links to features and information. There is even an image map that is one huge link. Every single one of the links on these pages goes to one and only one place: "tracker.exe." Click on that and what you thought was a game tracker program will in reality turn your computer into another zombie member of the Storm Trojan BotNet.
Another trick being employed by the Storm Trojan is a link supposedly to a program that prevents the RIAA from tracking files shared illegally over peer-to-peer networks. Again, the Storm Trojan is at the other end of those links.
If you use MailWasher Pro to screen your incoming email and are not already using my custom spam filters, what are you waiting for? They are free for you to use! They are my gift to the World. I hate spam and want to help others detect and delete it, before threats like the Storm Trojan can fool them into becoming unwitting victims. You can even discuss my filters in my own topic labeled: Wizcrafts Custom MailWasher Pro Filters discussed here, on the Firetrust.com forums.
Please use caution with any links arriving in email messages from senders you don't know, or even those you do know. Do not click blindly on links in emails, especially if they are numeric! Those IP addresses are infected home or office computers, on DSL or Cable Internet services.
The Storm Trojan keeps changing its tactics to entice as many people as possible into becoming members of its BotNet. Once it is a member, your computer will be used to host web pages containing extremely dangerous files, and will have a spam email relay and other malware installed. Your computer may even be used in criminal acts such as denial of service attacks. Be sure you keep your Windows computers fully patched with Windows Updates and have anti-spyware and anti-virus programs and a firewall installed, updated and running. Scan for acquired threats often. There are plenty of legitimate anti-malware programs available for you to use to protect your computers from threats like this, and some of them are advertisers on this blog. They are Spy Sweeper, Spyware Doctor, Norton Internet Security, Spybot Search and Destroy and others.
Read my blog articles about running as a Limited or Power User to protect Windows XP and 2000 PCs from most malware threats. If you use Windows Vista do not turn off the user account control security alerts! Do not run as a computer administrator for your daily browsing. Use the Administrator account to do maintenance or to install drivers, but not to surf the Internet.
The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.