Storm Worm Spreading Some Holiday Cheer

Storm is back in the festive season spreading some xmas and new year love. They even have a new year greeting site ready for spreading New Year related Storm Worm variants.

Social engineering again: people are always more susceptible during the holidays, I guess because they are happy and less paranoid.

The Storm Worm gang are spreading seasonal ill-will. Security watchers have spotted New Year greeting spam runs that attempt to direct recipients to a malicious web site called

Anti-virus firm F-Secure warns that although the site remains free of exploits (for now) the spam run is likely to be a prelude for a New Year’s Eve-themed Storm Worm attack.

Things are getting tricky again; these Storm guys are really pushing the envelope for global domination with their nasty botnet. I guess there really is a lot of money in the business.

Malware miscreants are making early preparations for the New Year after they left it too late for Christmas, only striking on Christmas Eve. A widely-circulated email first distributed on December 24 pointed to a website containing a malicious Santa Claus-themed striptease.

The emails, which have varied subject lines including “Your Secret Santa”, “Santa Said, HO HO HO”, “Warm Up this Christmas” and “Mrs. Clause Is Out Tonight!”, attempt to entice prospective marks into visiting a website containing images of scantily clad young women in Santa suits. The images and the “Download for free now!” button both linked to a variant of the Storm Worm, anti-virus firm Sophos reports.

So make sure you tell people to be careful about greeting cards from unknown addresses. And, well, let’s face it, be careful about anything from any address: don’t simply run executables you didn’t request and don’t go to dodgy sites – stick to Yahoo!, Hallmark and other well known e-card providers.
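The advice above (don’t run executables you didn’t ask for, trust only well known e-card providers) can be turned into a small mail triage check that flags the lures described in this post. This is an added example, not code from the post or from F-Secure or Sophos; the trusted-provider allowlist, the bare-IP heuristic and the sample messages are assumptions constructed for it.

```python
import re
from urllib.parse import urlparse

# Subject lines reported for the Storm Worm holiday spam run (from the post).
STORM_SUBJECTS = {
    "your secret santa",
    "santa said, ho ho ho",
    "warm up this christmas",
    "mrs. clause is out tonight!",
}

# Assumed allowlist of e-card providers an organisation chooses to trust.
# Placeholder domains for the example; the post names the brands only.
TRUSTED_ECARD_DOMAINS = {"hallmark.com", "greetings.yahoo.com"}

# A greeting card never needs the recipient to download and run one of these.
EXECUTABLE_EXT = re.compile(r"\.(exe|scr|pif|com|bat)$", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
BARE_IP_RE = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def is_trusted_host(host):
    """True if host is one of the allowlisted providers or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in TRUSTED_ECARD_DOMAINS)


def triage(subject, body):
    """Return the list of reasons a greeting-card mail looks like a Storm lure.

    An empty list means nothing suspicious was found. Checks, in order:
    known lure subject, link to an executable, link to a bare IP address
    (a general spam heuristic assumed here, not something the post states),
    link to a host outside the trusted e-card allowlist.
    """
    reasons = []
    if subject.strip().lower() in STORM_SUBJECTS:
        reasons.append("subject matches a known Storm holiday lure")
    for url in URL_RE.findall(body):
        parsed = urlparse(url)
        host = (parsed.hostname or "").lower()
        if EXECUTABLE_EXT.search(parsed.path):
            reasons.append(f"link to executable download: {url}")
        elif BARE_IP_RE.fullmatch(host):
            reasons.append(f"link to bare IP address: {url}")
        elif not is_trusted_host(host):
            reasons.append(f"link to untrusted card host: {host}")
    return reasons


# Constructed sample mails: one imitating the campaign, one benign card.
SAMPLE_MAIL = [
    ("Your Secret Santa",
     "Download for free now! http://203.0.113.7/xmas.exe"),
    ("A card for you",
     "View it at https://www.hallmark.com/ecards/view?id=abc"),
]


def triage_all(mails):
    """Map each sample subject to its list of findings."""
    return {subject: triage(subject, body) for subject, body in mails}


if __name__ == "__main__":
    for subject, findings in triage_all(SAMPLE_MAIL).items():
        print(subject, "->", findings or ["looks clean"])
```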

You can read more on SANS ISC about Storm here.

Source: The Register

Posted in: Malware



34 Responses to Storm Worm Spreading Some Holiday Cheer

  1. goodpeople December 28, 2007 at 8:51 am #

    Eventually the storm botnet will terminate itself. Someone is bound to spread a program on it that will force the majority of users to do a complete reinstall of their systems.

    At least, I hope so… :-)

  2. mumble December 28, 2007 at 1:13 pm #

    This is one to warn the friends, family and relatives about… At least I don’t have to worry about my home situation – it’s all Linux boxes…

  3. Sir Henry December 28, 2007 at 5:06 pm #


    And hopefully that reinstall will morph into a move to linux or some other more secure flavor of OS.

  4. Nobody_Holme December 28, 2007 at 5:28 pm #

    I got that email -.-
    Ah well, I guess the Yahoo mail spam filter is good for something.

  5. Sir Henry December 28, 2007 at 6:51 pm #

    Gmail must be doing its job as I never received the email.

  6. Bogwitch December 29, 2007 at 1:10 am #

    @Sir Henry

    As much as your Utopian view would be an ideal, if people can’t turn off services in MS software and select decent passwords, what chance are they going to have with Linux?

  7. Sir Henry December 29, 2007 at 1:16 am #


    It is truly Utopian rhetoric. Although I make such declarations, I would fear having to help those who made the switch to Linux while they were so endeared by the supposed simplicity bestowed upon them by Microsoft.

  8. Pantagruel December 29, 2007 at 9:59 am #

    @ all wishful thinkers above ;)

    I guess it will be more likely the bulk of people will move to Apple in favor of Linux. Its OS X (BSD foundation) with soothing GUI and plug ‘n play-like features for adding (external) hardware comes closest to the Windows experience (XP or Vista). Sir Henry’s remark about the endeared ‘simplicity’ is the sweet spot and main reason why the majority of home and office users are running their PC on the MS OS. Even though diverse Linux distros are aiming for a similar simplicity of use, they are still far behind. Yes, my parents and spouse can work with a pre-installed and fully configured Linux box (SuSE, Ubuntu/whatever is your fancy) but are bound to get into problems when wanting to get those X-mas pictures from the digital camera [… and why is there no pop-up catering to my copying/editing needs after plugging in the camera… {assuming the distro recognises the camera}]

  9. Sir Henry December 29, 2007 at 2:18 pm #


    “Eventhough divers Linux distro

  10. Pantagruel December 29, 2007 at 3:41 pm #

    Sir Henry is right.
    Even though some Linux distributions are trying very hard to adopt the look and feel of Windows XP/Vista they will hardly gain any new users or converts. Linux has been designed with another mind setting and was internet capable long before Windows knew how to browse the net.
    I am an avid Linux user and nearly all machines here run flavors of Linux, especially the servers. Of course we also have Windows XP (forgive me for I have sinned and not upgraded to Vista yet ; ) and recently added a Mac Mini to the computer farm.
    For me all OSes have their spot, user crowd and unique reason to use them.
    A few of the unique reasons to use Linux would be: stability, powerful CLI, hardware demands (quite modest when compared to XP, Win2k3 server or Vista), community support and versatility.

    Cavernous rants are welcome; Darknet doesn’t mind… I guess

    Memo to self: Check your spelling and remove the 15 month old from your lap while typing

  11. Sir Henry December 29, 2007 at 5:07 pm #

    At the time of my comment, my 10-month-old was busying himself with all his new toys, thus the only way that I could type coherently without spelling things with surreptitious numbers and characters.

    Also, shame on you for not upgrading to Vista? Heh, more like shame on you if you had upgraded. ;p

  12. Darknet December 29, 2007 at 5:22 pm #

    Nah I don’t mind – but there is no longer an excuse for misspelling as Firefox now has a spell checker built in for text fields :)

  13. sir Henry December 29, 2007 at 10:03 pm #

    There is no better substitute than having an English major/grammar nazi for a mom while growing up. But, ff is a good backup, too. ;)

  14. Eksith December 30, 2007 at 2:40 pm #

    The real sad part is that some people don’t know and others don’t care.

    Yes, there are people who don’t do anything with their computer other than browse and check email, and if they don’t see any appreciable difference in their system while doing their thing, they don’t worry about it.

    When something is really user friendly, they tend to think, they can use it with no ill effects with just a quick warmup. They don’t realize there’s a lot more to browsing online than just clicking links.
    These people need to be educated, or if they are unwilling to learn, have to be shown what happens when you run a system without precautions.

    Sooner or later they will find out, but by then, there will be hundreds to thousands of more people to replace that one na

  15. goodpeople December 31, 2007 at 9:21 am #


    Sorry dude, I have to correct you here a little. You write that “Linux has been designed with another mind setting and was internet capable long before windows knew how to browse the net.”

    That is not true. Linux has been designed to be an Operating System. Period. It has been Internet capable long before _Microsoft_ invented the Internet.

    It will probably be next year before I have the time to join this discussion, but I will. Some things are being said here that really require my input.. :-)

    I wish you all a happy New Year, and take it easy on the fireworks. Remember, typing is very hard if you blew your fingers away.

  16. Pantagruel January 1, 2008 at 5:11 pm #

    @ goodpeople

    No need to be sorry.

    I can only read your correction as my remark being rehashed, I see no significant changes.

    Actually the linux kernel started as a non-commercial replacement for MINIX. In the very beginning Linux was dependent on the MINIX userspace. I’ll refrain from copy-pasting the Wiki ( )

    MS would have been very pleased to have ‘invented’ the internet.
    I suggest scouring wiki/google/etc for remarks regarding (D)ARPA, MILNET, NSI, NSFNet, CERN, etc. ARPA started somewhere about the 1960s, some 15 years before a certain B. Gates showed his BASIC version to Altair, kickstarting his ‘Microsoft’ empire.

    Do not fear, the only thing that went ‘pop’ in our case was the champagne. I cannot be bothered to spend a single euro cent on fireworks.

  17. goodpeople January 2, 2008 at 3:53 pm #

    I was just being sarcastic. Didn’t Bill Gates write in his first book that M$ “invented” the Internet, or something like that? I don’t know the exact words because I didn’t read it.

    I’ve been using Linux (and several other flavours of *nix) since Red Hat 2 and never even felt tempted to use anything else. And of course I know the story behind Linux.

    My $0,02:

    Linux developers have always been looking at Microsoft. And with good reason. Windows has been a great example. Windows has shown the Linux developers what a modern OS can do. Then the Linux guys started coding and showed Windows how it should be done. And of course Linux-users have been trying to convince Windows-users that Linux is better, faster, safer, more stable, etc.

    I think that by now Linux is mature enough to distance itself from Windows. Linux should stop wanting to look like Windows. Don’t you think it is strange that Linux wants to look like Windows, while Microsoft uses some of the Linux codebase to make Windows work better?

    We should stop comparing the two. Linux is way ahead of Windows in most areas. On some other areas it still has to grow a bit more. And we must accept the fact that some people actually feel happy using Windows.

  18. Sir Henry January 2, 2008 at 4:08 pm #



  19. goodpeople January 2, 2008 at 5:00 pm #

    Exactly! I always feel like there’s alot of time and energy wasted on trivia that could also be invested in improving the Linux experience.

    The people you mention above that are not ready to make the switch yet will only be ready when they can play their games on Linux. And preferably the Windows versions they already have (god forbid that they have to buy new software), so Wine should do ActiveX.

  20. Sir Henry January 2, 2008 at 5:26 pm #


    It seems to me that these people want the same type of turn-key, “We will do everything for you so that you do not have to learn anything yourself” type of OS that you get with Windows. Given, I am not saying that you cannot learn anything while using Windows, but I feel that you do not have the same “Eureka!” moments or opportunities to learn new things everyday as you can with Linux. The latter, as stated before, being solely my opinion.

  21. Darknet January 2, 2008 at 5:41 pm #

    It’s not only that – it’s also about buying that new camera from Best Buy for $49.99 and not being able to install the programs that come with it – or even being able to get it to work in most cases.

    Look at what Apple have done with BSD in turning it into OSX, BSD was even less friendly than most Linux distros – all they did was forget about the coding and concentrated their millions of greenbacks into research and development in Human Computer Interfaces.

    Linux needs to stop worrying about KDE (looks too much like Windows indeed) and start developing a real, easy to use and intuitive (and attractive) windowing system.

    Plus work on basic usability like plug and play, installing drivers and software and so on.

  22. goodpeople January 2, 2008 at 8:24 pm #

    @Sir Henry

    Wasn’t that why they made Ubuntu in the first place? To keep all the complex configuration things away from the average user? Some students of mine are running Ubuntu and don’t understand the first thing about Linux. They just want the fancy 3D desktop.

    I tried Ubuntu last year. Didn’t like it, but couldn’t quite put my finger on the sore spot if you know what I mean. It took me a while to realize it was the same touchy-feely-icky-yucky feeling I also get from Gnome.

    Thank god I’m not alone on that last one. Read the article below for more information.


    Those are the areas I think Linux needs to grow in. It hurts that I still can’t get my PDA to synchronize after several evenings of heavy hacking. Windows recognized my PDA instantly.

  23. Sir Henry January 3, 2008 at 2:58 am #


    I believe that Ubuntu was made to reach a larger audience, but the average user would still need to get his/her hands dirty in order to get things working in the way they wished. It is rather unfortunate, however, that there are those users who have Ubuntu (like those students mentioned) and know nary a thing about Linux. Perhaps it was the fact that I cut my teeth on Unix, then Solaris, then Red Hat and Mandrake, then eventually ended up with Ubuntu. I, however, am always up for trying new distros and had a hearty laugh at the usability message that you posted.

    In regard to the latest version of Ubuntu, I, like many others, feel that the developers traded value for flashy graphics and other non-essential items. So far, I feel that it is a bit bloated compared to the other versions and have considered rolling back to the last known “stable” version.

    I digress, however. All this talk of Linux and I am straying far from the original topic. Sorry, Darknet.

  24. eM3rC January 6, 2008 at 10:02 pm #

    God, huge discussion going on here…

    Just wanted to talk about the worm really quick. Seems like another typical plot to get infected PCs although the news on the botnet and the trojan used to replace adsense ads has me a little surprised. It seems like hackers are taking their art to the next level.

    And about the OS discussion.
    Mac is the best for most users imo
    PC is good for gamers, hackers, and people who like to tweak their computers
    Linux is for those who like to have things just how they like them, although this requires a little bit of knowledge about the Linux OS

  25. Sir Henry January 8, 2008 at 8:55 pm #


    Although I see some validity in your points regarding OS, I find it hard to believe that PCs (I am assuming this is a reference to Windows) are for hackers above and beyond Linux. I have personally found that the security tools available for Linux are A) more prevalent, B) more robust and C) better. Given, I know that Metasploit is a popular feather for the Windows cap, but I would rather work with something in linux and get a deeper understanding of the mechanics rather than make a few clicks to pwn something. As I have stated before, however, this is merely my opinion.

  26. goodpeople January 8, 2008 at 10:37 pm #

    The OS discussion from a helpdesk point of view:

    If there’s something wrong and assistance from the helpdesk is required:
    Mac users will say something like “I may have done something wrong. Can you point me in the right direction?”
    Windows users blame everyone and everything except themselves and their own computer.
    Linux users usually don’t call the helpdesk and fix their own problems.

    As far as sec-tools are concerned, I’m in the Linux camp for all the reasons Sir Henry pointed out. (Although I also use MetaSploit).

  27. Sir Henry January 8, 2008 at 10:52 pm #


    Your response is why I come to this site. I am still laughing about your description of the different user types and how accurate they are.

    As for Metasploit, I like to think of it as the no-brainer action flick you watch when you want all the action, but do not have to waste any brain cycles in the process.

  28. Pantagruel January 8, 2008 at 11:15 pm #



    No flame war intended. I use all the below mentioned ones, each for their own unique reason/specific characteristics, and for all of them it’s a love and hate relationship. I sincerely believe there is no ‘the one OS’, just some OS which tends to be just a tad smarter/more versatile.

    We have had plenty of Mac (ab)users who react in a Windows user fashion simply because some of them firmly believe it to be a superior OS for users more intelligent than those poor Windows adepts, rendering them ‘immune’ from the simple user induced mistakes bringing an OS to a grinding halt.
    Windows users on the other hand are quite capable of inducing problems simply because a large amount of them think that, having a Windows machine at home equals knowing the intricate details thus giving them enough ‘rights’ to add registry keys and wreak havoc by editing essential files (…I do this at home and it always/usually work….).
    Linux users indeed know that they themselves induced the behavior exhibited by the OS or application and do not bother calling the desk, knowing they will be faced with the response: ‘you should not have meddled with that particular part…’
    But it’s a good laugh to reread the helpdesk definition of an OS user.

    Regarding sec-tools/apps/etc I try not to limit myself to just one ‘holy grail’ application or OS. Depending on the targeted OS you need the mixed bag of OS and tools to explore all (or nearly all) holes. You never know what favored flavour the hacker has.

  29. goodpeople January 9, 2008 at 12:03 am #


    Of course! You always have to use the right/best tool for the job. No argument there. I also (ab)use them all if I have to. But given the choice, I’d prefer the Linux version.

    @Sir Henry,

    I believe I once mentioned here that I also give lectures and demonstrations. It’s always fun to do a lecture for some usergroup and use MetaSploit to open a remote shell on a Windows-box that runs in a virtual environment on my laptop. MetaSploit is ideal for demonstrations.
    When I’m invited to speak, I usually warn them to put me up last, because when I’m done, people tend to run home to secure their networks… ;-)

  30. eM3rC January 9, 2008 at 3:14 am #

    @ Sir Henry

    Most “hackers” that I see on the internet are script kiddies who simply run some exe or AIO CD that a hacker has created to hack a website/computer. I am in total agreement with you on the point that Linux has more tools and is overall a better system for hacking (take BackTrack or Wireshark for an example). In my rebuttal I would like to say it is a good OS but not one of the best.

    @ goodpeople

    Guilty as charged =P
    Great descriptions.

  31. eM3rC January 9, 2008 at 3:19 am #

    Oops, noticed there was more.


    Great points. Another thing that I would like to add is cost and the amount of computer knowledge a person has. Mac users have one of the easiest OSs to operate and as a result are not faced with many problems. Why don’t more people have macs? Answer is compatibility issues (slowly going away now) and cost. In regards to Linux, this operating system can be one of the best out there in both cost and reliability, only problem is the user needs to know the basic commands (although Ubuntu seems to be in the early stages of changing this).

    For people that don’t wanna read the paragraph above, PCs are cheap, and easy to use but are unreliable, Macs are expensive, easy to use, but are very reliable and the Linux OS is free, somewhat hard to get used to, and very reliable.

  32. goodpeople January 9, 2008 at 5:17 pm #


    Backtrack is Linux live-cd. Wireshark is an application.

  33. Sir Henry January 9, 2008 at 5:28 pm #


    Compatibility is a paradigm and a state of mind for Mac users, especially if they have switched from Windows. The problem with the idea of compatibility is that one associates the Mac with Windows and how applications they once used in Windows cannot be run on Mac. The paradigm shift is when the Mac user realizes that it isn’t about the applications that do not work in Windows, it is about the applications on Mac that have a similar end result as with the Windows applications. For me, having switched to Linux a while ago, but more recently using the Mac OS, I have found that I can do anything and more than that of my Windows OS days of use.

  34. zupakomputer March 13, 2008 at 2:11 pm #

    OSs – speaking from the POV of having used CLI DOS and BBC Basic at school, before Windows was about, and having primarily an interest in games looking like they did in the arcades, people tend not to be interested in going through any hassle in getting things to run – they just want to play their music, games, watch videos and so forth.

    So, although we had Macs also before Windows got popular, a Mac back then (even today for new models) is way out of price range as a home machine – so when Windows first arrived and games started to appear on the PC, it was a godsend because finally – someone had gotten around to making a GUI like Apple’s, but made it on a platform that had games – games with graphics and sound like the arcade quality.

    True, there were other machines around that were doing that kind of thing very successfully (eg – Atari ST, Amiga 500). But the difference with what the IBM-compatible did was it made your parents pay for a computer because it looked like a serious office machine that you could do non-gaming things with. Whereas the Ataris and the Amigas came out of the home computer for games and hobbies area.

    Wanting to know how to be a hacker or a programmer, was a different thing entirely to actually getting your head around it. I was an arts subject major, except in some key areas in science, and to be honest – subjects like computing and maths are not taught in ways that make sense to an arts mind. It wasn’t until I got interested seriously in what the universe actually is, and got into ‘practical shamanism’ that the hard sciences really started to make any sense to me.

    So, to get back to the OS discussions – yes, what Linux needs to do in terms of wooing customers over, is be as user-friendly as Macs and Windows. There’s a lot of games on Linux already but they aren’t for the most part the games that people pay big money to play on their Windows PCs (and they also pay big money on their hardware too). At the end of the day they’ll attract people over because the OS is free or substantially cheaper.

    Folks that like to tweak with the inner workings of computers are a different load of folks – in the same way that car customisers are a different set of folks than the majority who just want a car that works and gets decent mileage.

    *nix is always going to be the systems admin and security choice – a lot of the Apple and Windows server packs look rather attractive, and are more for (other than the sleek tech look when it comes to Macs, and the possibility that Itaniums may be more secure via their obscurity – a lot of x86 tricks need to be rewritten to work on them) admins that work more on a ‘learn the GUI, point and click’ basis – ie, they keep networks running but aren’t necessarily interested in knowing what’s going on in the background.
    Nowt wrong with that, I just mean to highlight an area in running networks that is again a different approach to the really techie side of it.
    It’s a kind of middle-tier in IT and it’s been about for a good while, and it’s going to keep growing as Microsoft certs stay popular, and HPC vendors move more into providing servers and datacenters preconfigured, with easy GUI set-up wizards.
    And of course the *nix (and other more specialised OSs) is still needed behind and in support of all that.

    Anyway – the main gist here was that I don’t want to see Linux getting a backlash from consumers when they discover that its security features are more from a systems admin POV. It’s not that as a consumer-targeted OS it’s insecure, it’s just that serious hackers know about Linux, and off-the-shelf folks tend not to, so they’re still open to exploits and they aren’t going to be wanting to go changing code so that inbuilt root accounts and so forth are disabled.
    Cause in all honesty, there’ll be folks running a Linux distro who are as open to their OS being compromised as they were on a Windows 95 desktop password.

    Also, as fast internet links become more available, a system crash and reinstall @ home isn’t that big a deal anymore: as long as you have apps and OSs on installs of some kind, and have your files on a separate hdd, and have your browser prefs and saves saved, that you’d need to load the OS on again is only going to take less than an hour.

    Check your bank accounts credits and debits regularly, and get an application that shows exactly what bandwidth you’re getting online, what’s it being used for, what ports / connections are on, and shows what your system resources are being used on. It won’t catch the ones that know how to hide or do even more sophisticated stuff, but it’ll show up if your resources are running on any botnets – may even prevent it if they have to hide during detection, to keep a systems resources app running in the background.

    It’s the plastic money society that’s the problem; people leaving their card details online and relying on easy payments, when the banks could have stuck with their freely available magnetic strip cheque clearing systems. They just keep moving to less secure systems; the chip & pin is less secure than the previous system, and the previous system was already insecure to an alarming degree.

    As an example of how people are encouraged to put themselves at needless risk – I had a free e-mail that changed its good settings to some javascript based nonsense that corrupted my browser, rendering it useless to me. I had it associated to my ebay account, so I wanted to change that to a different e-mail. They insisted that I put my card on their database, and that I wasn’t able to remove it (I always remove my payment details from anyplace I purchase online right after the purchase, or I change them to a non-working version, so they can’t be skimmed or worse) – just to change my e-mail. So, for some years now I haven’t been able to use ebay, cause there’s no way I’d leave my card details online.