In early June, Storm creators inundated inboxes with love-themed email messages, as they are wont to do. Now, three weeks later, a new deluge of Storm spam is bringing news of a “new” earthquake that supposedly struck China.
There are several subject lines used, mostly referring to the earthquake. A sample of a spammed email message is as follows:
This does not seem to refer to the month-old Sichuan earthquake that devastated parts of China on May 12th, but is rather bogus news meant to cast the upcoming 2008 Olympics in a dangerous light (as can be inferred from a most telling line in the quoted text below). The link in the message body points to a Web site, where the following text appears (emphasis ours):
Strongest earthquake hits Beijing A new powerful disaster just occurred in China. The most deadly, 9 magnitude, earthquake took away million of lives in the heart of China, Beijing. Rapidly growing panic paralyzed life of Chinese capital. 2008 Olympic Games are under the threat of failure. Click on the video to see the details of this terrible disaster and choose either Open or Run.
The above text is followed by a supposed video which, when clicked, downloads a file named BEIJING.EXE. This is a malicious file detected by Trend Micro as WORM_NUWAR.YH.
Carrying “news” in the spammed email messages it issues is another old trick from Storm’s social engineering book. After hitchhiking on real news the first time (after which it earned its “Storm” brand), Storm’s subsequent headlines did not necessarily have to be true, as long as they still hinted at gloom and doom. These methods were seen earlier, when warnings regarding missile strikes and World War III were propagated.
Thus goes the latest development in this long-running malware family, which has so far been the most active in maintaining its social engineering calendar, churning out spam and malware on (or in anticipation of) red-letter dates or, in this case, stringing together sensational headlines that trivialize genuine tragedies.
While not from the Storm botnet, aftershocks of last May’s real earthquake came in the form of a scam, targeting would-be donors to the rescue efforts in China. Of course, it seems particularly insensitive to either target those who want to help, or make up an incident that could revive fears so soon after such an event just came to pass for real, but compassion is not something one could expect from criminals.
Users of Trend Micro products with Smart Protection Network are already protected from the abovementioned spam. We recommend that others be careful not to click haphazardly on links in similar-sounding unsolicited email messages, as their curiosity and/or good intentions might work in malicious users’ favor.