The FBI had a real Debbie Downer message to deliver in 2008: That unexpected Valentine’s Day e-card was not from a secret admirer. Instead, it was an invitation for the unwitting recipient to join the Storm Worm botnet. Learn all about it in this edition of Tech Time Warp.
Storm Worm was first detected in January 2007 following deadly storms in Europe. Storm Worm’s first iteration teased users with the promise of a news story: “230 dead as storm batters Europe.” The “news story,” however, was actually an executable named “Full Clip,” “Full Story,” “Read More,” etc. Once the recipient clicked on the file, malware loaded that added the computer to the Storm Worm botnet.
After the first rash of Storm Worm infections swept across Europe, where users were most likely to click on the attachment, the botnet’s creators switched up their tactics. They move to the e-card as a carrier, often using social engineering by making it appear the e-card came from a known contact. In a later news-based version, they also started using the scintillating headline “FBI vs. Facebook” to draw in botnet victims.
Storm Worm exploited some patched vulnerabilities, including QuickTime and WinZip security holes, to do its dirty work. As a polymorphic virus, Storm Worm’s constantly shifting code makes it hard for antivirus programs to detect. Its creators also employed variants using instant messaging services. Some experts identified Storm Worm as a turning point in malware: The creators’ goal was no longer notoriety but instead profit. A botnet like Storm Worm, with its ability to pump out spam, was worth untold millions.
Did you enjoy this installation of SmarterMSP’s Tech Time Warp? Check out others here.
Photo: newafrica / Shutterstock
