Storm Warnings

No doubt you have gotten several emails for ecards, membership, and other subject that contain just a short message and a link to click on. The Security Dawg previously warned about the 'ecard' spam here http://www.securitydawg.com/2007/08/greeting-card-virus-warning.html .

These emails are part of the "Storm" bot network, and the perp is quite cleverly adapting his emails to bypass spam filters and anti-virus programs. The actual program that is downloaded when you click on the link is changing every 30 minutes, according to one report at the Internet Storm Center.

The folks at F-Secure (anti-virus company) have a good writeup of the various permutations of this email here, with screenshots of the emails. The McAfee blog here is also a good source of current information.

This looks to be a widespread and prolific malware author, and it is gathering a steadily increasing 'bot-net' that can be used for many purposes.

Important note: many anti-virus products may not detect this one, since the downloaded program changes rapidly. And it's use of social engineering techniques is part of it's success. Anti-virus may not catch the initial infection, so continued awareness is important.

The Security Dawg recommends that you ensure that your anti-virus is current, run a full anti-virus scan, and be very wary of clicking on any link in an unsolicited email.

"Pass it on".