David Baxter PhD

Late Founder
Tabloid spam is worm's newest turn
By Bob Sullivan, The Red Tape Chronicles
Tue, Jul 15 2008

No, presidential candidate Barack Obama was not found dead in a "shock accident." John McCain was not "found unconscious in a toilet." Will Smith wasn't "found dead in bathtub" either. And Britney Spears has not broken her arm in a "freak poolside accident."

The truth is quite a bit more subtle. A Microsoft security upgrade in April largely dismantled a network of hijacked computers used by criminals to send spam, and the hackers are desperately trying to rebuild it. To entice users to click on the links that will infect their computers with the notorious Storm worm, they have dispatched an avalanche of e-mail with fantastic news headlines in recent weeks. The average Net user is getting about 60 of the phony news bulletins per day, says the security firm MessageLabs.

Here's a sampling of subject lines:

  • "Bill Clinton in today's Times - thank god Hilary didn't beat Obama."
  • "Beijing Olympics canceled upon the death of China's president."
  • "Obama bows out of presidential race."
  • "Scandal rocks Obama as lurid sex video leaked?"
  • "Dog digs grave for owner."
  • And perhaps the most fantastic of all, "Oil falls below $100 a barrel."

No, spammers haven't hired a bunch of former supermarket tabloid writers. They're just doing what they do best -- exploiting human nature.

The Storm worm is the Internet's version of Broadway's Phantom of the Opera -- the longest running hit show around. Storm first appeared in January 2007, teasing users with a headline about deadly storms that hit Europe -- "230 dead as storm batters Europe," it said, offering a link to a full story. Clickers found themselves infected with the Storm worm.

Storm was an immediate hit for the hackers, who managed to trick hundreds of thousands of recipients into clicking on the booby-trapped link. That enabled them to build an enormous network of hijacked computers, called a botnet, which they use to send out more spam or commit other Internet crimes.

There have been hundreds of Storm variants since the first one, sent by a loosely affiliated gang of computer criminals. Some estimates say that up to 10 million PCs have been infected with Storm at one time or another.

But in April, Microsoft updated its malicious software removal tool, much to the chagrin of the hackers. About four-fifths of the vast Storm network was cut off, said Paul Wood, a security researcher at MessageLabs.

"That really cut into (the hackers') business model," Wood said. "So they are trying to do something to regain their power."

That something is a huge spam campaign with over-the-top subject lines, all designed to be an irresistible click to recipients. Storm has always relied on fake news to entice e-mail recipients, but this latest surge is so creative it would be amusing if the e-mails didn't pack a very serious punch.

Storm's creators are believed to be in Russia, but it's obvious from the headlines that they have a solid understanding of U.S. culture.

  • "Oprah Winfrey survives horror highway crash."
  • "Michael Jordan confesses to relationship with Madonna a decade ago."
  • "Martha Stewart found unconscious in home."
  • "Obama challenges McCain to a marathon race to see who is fit as the commander-in-chief for USA."
  • "Scientists estimate oil to run out earlier than expected in 2012."
  • "Lindsay Lohan crashes brand new Lamborghini."
Obviously, the strategy works -- or the spammers would have moved on to something else, says Dylan Morss, manager of business intelligence at Symantec.

"This is a tried and true social engineering tactic," Morss said. "These are almost incredulous headlines, but you kind of want to look. They are going for a common human vice here." Symantec says it has blocked 200 million of these spam messages since April.

Users who click on the link in the body of the e-mail are sometimes sent to a harmless-looking herbal supplement page hawking body part enhancement. Others are sent to a pornographic video Web site that imitates YouTube, and told they must install a plug-in to view the videos.

Agreeing to download any software from porn sites is a recipe for certain Web disaster. But even the supplement sites can be laced with malicious software, Wood says.

To stay safe, never click on a link in an e-mail, even if a subject line about presidential candidates or a Hollywood star piques your interest. Instead, fire up your Web browser and go to a major news site like msnbc.com to check it out. If John McCain really has challenged Barack Obama to a duel in Weehawken, N.J., I promise our politics section will have the story. And if Madonna is linked to any other famous athlete, Courtney Hazlett and Scoop will be all over it.
 