Is a holiday Storm brewing?
- By William Jackson
- Dec 04, 2007
Hanukkah begins this evening at sundown, and with the arrival of a new holiday season comes a reminder that not all e-greeting cards may contain best wishes. Researchers at MX Logic's Threat Operation Center warn of a possible outbreak of new variants of the venerable Storm Worm.
'The Storm Worm developers notoriously release variants around holidays that prey on people's vulnerabilities to open festive greeting cards,' said Sam Masiello, director of threat management at Denver-based MX Logic. 'We consider the Storm Worm variants that hit on the Fourth of July and Halloween as a precursor for another variant this holiday season.'
Internet shoppers spend an estimated $733 million on the Monday following Thanksgiving, the traditional start of the online Christmas shopping season. With this increased online activity it could be easier for suspicious e-mail to get under our radar and for an unwanted piece of code to get into our operating systems.
Masiello said he had not seen any examples of malicious code so far this season, but that 'sending an e-card for the holidays makes sense.'
'Internet users should be cautious of opening e-mails that appear to be sent directly from greeting card companies such as Hallmark,' Masiello said. 'Legitimate greeting card companies offer ways to open e-cards other than clicking an e-mail link. These include a confirmation code within the message. Users should copy and paste these codes directly on the e-card Web site.'
Through frequent variations, the Storm Worm has become one of the most successful delivery mechanisms for malicious code and is believed to be responsible for millions of computer infections. These often result in the installation of spyware on the victim machine and recruitment into botnets that can be harnessed to deliver other attacks. The key to its success has been not huge volumes but its ability to induce recipients to click on a link or open an attachment by masquerading as a legitimate piece of mail.
'The key to any malicious campaign is social engineering,' Masiello said. 'The Storm Worm has been very good at that.'
It got its name because the subject line in the original version earlier this year was '230 dead as storm batters Europe,' and it has continued to morph since then. Because signature-based engines have limited effectiveness against this kind of attack, the best defense is education and caution.
So have a Happy Hanukkah, a Merry Christmas and a Happy New Year, but think twice before clicking on that link.
William Jackson is a Maryland-based freelance writer.