back to article Unwanted e-card conceals a Storm

There's a new version of the Storm Trojan on the loose, disguised as an e-postcard but actually recruiting zombies for a botnet, according to the SANS Institute's Internet Storm Centre. The attack arrives as a spam with the subject line "You've received a postcard from a family member!" and contains links to one of several …

COMMENTS

This topic is closed for new posts.
  1. Gavin McMenemy

    Obviously the average user is "well trained"

    Has the entire population of the planet been turned into some sort of pavlovian dog? The merest hint of an e-card and they are merrily clicking away (and probably wondering where dinner is)...

    I am put in mind of those pigeon guided missiles where the hapless bird is taught to peck in a certain place (thus guiding a missile) until they hit their target.

    Perhaps we've discovered a new use for gullible fools?

  2. Anonymous Coward
    Anonymous Coward

    Que?

    "SANS ran it through 30 different anti-virus programs, only a quarter of them picked up ecard.exe as a suspect download"

    And which ones found it and - more importantly - which ones didn't?

  3. Anonymous Coward
    Anonymous Coward

    Standard message to any malware article.

    On behalf of the entire (insert random system here) community I would like to say that this won't affect any user with any system other than a Windows PC.

    Therefore, this trojan/virus is actually Bill Gates' fault.

    This will save all the representatives of (insert random system here) from posting similar comments.

    I thank you.

  4. Anonymous Coward
    Anonymous Coward

    disguised as an e-postcard

    Not much of a disguise. It's been years since someone's come up with a new way of distributing malware.

    Why do people keep falling for these scams?

  5. Phillip Dixon

    Why is this a Windows Fault?

    How come we keep coming back to the same old argument that every virus is a fault of Microsoft?

    I'm so tired of hearing the same argument over and over. Windows isn't perfect but at least when it does get a virus the average end user stands a good chance of removing it. When Linux gets a virus (despite popular belief it does happen) the average user can't get rid of it.

    When the days comes that Linux is as easy to use as Windows (and one day it will happen but not just yet) then we can have this discussion. In the meantime rather than blame Bill Gates each user needs to take responsibility for their own computer. System administrators in particular need to take responsibility for those who are unable to take responsibility for themselves.

    No system is perfect and it's a difficult task of risk management but if a system gets a virus it's a shortcoming of the system design, policy implementation, user training and ultimately a sign of a lazy, unmotivated or just poorly trained system administrator not Bill Gates.

    The IT sector has far too many nerds and not enough people who are good with the other side of things. The policy creation, the user training, the proactive monitoring of things, the implementing new procedures and aggressively getting off their comfortable seat that has moulded to their backside and understanding the limitations of general users.

  6. Anonymous Coward
    Anonymous Coward

    Re: Que?

    The SANS report says -

    AhnLab-V3 2007.6.27.0 06.28.2007 no virus found

    AntiVir 7.4.0.34 06.28.2007 HEUR/Crypted

    Authentium 4.93.8 06.27.2007 no virus found

    Avast 4.7.997.0 06.27.2007 no virus found

    AVG 7.5.0.476 06.28.2007 no virus found

    BitDefender 7.2 06.28.2007 no virus found

    CAT-QuickHeal 9.00 06.27.2007 no virus found

    ClamAV devel-20070416 06.28.2007 no virus found

    DrWeb 4.33 06.28.2007 no virus found

    eSafe 7.0.15.0 06.27.2007 Suspicious Trojan/Worm

    eTrust-Vet 30.8.3747 06.28.2007 no virus found

    Ewido 4.0 06.27.2007 no virus found

    FileAdvisor 1 06.28.2007 no virus found

    Fortinet 2.91.0.0 06.28.2007 no virus found

    F-Prot 4.3.2.48 06.28.2007 no virus found

    F-Secure 6.70.13030.0 06.28.2007 Tibs.gen118

    Ikarus T3.1.1.8 06.28.2007 no virus found

    Kaspersky 4.0.2.24 06.28.2007 no virus found

    McAfee 5062 06.27.2007 no virus found

    Microsoft 1.2701 06.28.2007 no virus found

    NOD32v2 2360 06.28.2007 no virus found

    Norman 5.80.02 06.27.2007 Tibs.gen118

    Panda 9.0.0.4 06.28.2007 Suspicious file

    Sophos 4.19.0 06.24.2007 no virus found

    Sunbelt 2.2.907.0 06.27.2007 VIPRE.Suspicious

    Symantec 10 06.28.2007 no virus found

    TheHacker 6.1.6.140 06.28.2007 no virus found

    VBA32 3.12.0.2 06.27.2007 no virus found

    VirusBuster 4.3.23:9 06.27.2007 no virus found

    Webwasher-Gateway 6.0.1 06.28.2007 Heuristic.Crypted

  7. Anonymous Coward
    Anonymous Coward

    Why do people fall for these scams?

    Simple

    "Humans, are stupid."

    I've been saying this for years.

  8. Guy

    Mr Barnum

    We now have proof that the great man was wrong, there are definitely at least two born every minute

  9. Anonymous Coward
    Anonymous Coward

    Turn it off?

    >"this calls home to a malware hosting server which SANS

    > says has been active since December 2006"

    Can't this be shut down surely it's operating illegally in most countries?

    And of course people want to see e-cards, it's because people

    send them legitimate e-cards sometimes so they think it might

    be one this time.

  10. Rob Crawford

    Ermm havn't you noticed

    I hate to get pedantic, but anti virus software is for detecting visuses not malware

    I'm not surprised that this turned up

    --

    F-Prot 4.3.2.48 06.28.2007 no virus found

    F-Secure 6.70.13030.0 06.28.2007 Tibs.gen118

    ---

    Really you should be running both (horses for courses)

    For example McAfees Virus Scan enterprise with anti Spyware dosn't find spyware which is a bit crap.

    However I wouldn't expect Virus scan (on it's own) itsself to find spyware (despite having a very low opinion of McAfees products)

    It's a bit like expecting to produce decent web pages using MS Word.

  11. David Eddleman

    Well...

    "Therefore, this trojan/virus is actually Bill Gates' fault."

    Who let the troll out of his cage?

    As for the whole "virus/malware" thing, "malware" is anything dangerous to your system. It's a much wider grouping than "virus" or "worm" or "trojan".

  12. Mike

    Trolls and Truth

    I agree that laying the blame at Bill Gate's door is non-productive. MSFT only sells what people buy. The ones I want to rid the world of are the ones who think every little task _deserves_ the full-on Javascript/Flash/Active-X malware soup, so that if, for example, I want to look at my pay-stub, or put in for vacation, or make a medical appointment, or renew a library book, I _must_ set my browser into total-web-slut mode. Thus setting me up for disaster...

  13. Anonymous Coward
    Anonymous Coward

    Mailwasher

    I got this fake ecard too, Mailwasher has flagged it as a blacklisted origin by "RBL - SpamCop", if it hadn't I would've flagged it as spam/deletable myself like I do with all things like that.

    The problem with making things too 'kid gloves' for users is they don't have the foggiest what to do when things go wrong, Windows Explorer is perhaps one of the most important tools on Win machines yet most people don't have a clue how to use it to manage (or even know where their files are), the same applies to email, software has made things easier for people but it's also made them learn less about identifying emails they should immediately delete, even ones that slip through anti-spam filters (if they or their ISP's mailserver has one).

    Incedentally the email before that one has the subject "Increase your self confidence along with your penis." but I already have confidence in my penis thank you very much, it's the university diplomas and Russian bride that I'm still waiting on delivery, they're probably sitting in my local Royal Mail sorting depot (damn strike).

  14. wim

    re Obviously the average user is "well trained"

    Obviously the average user is "well trained"

    Do you think it is fair to assume that people who only use PC's for email and browsing are well educated ?

    Let's face once you will leave your field of work / study / research you are just as stupid as them.

  15. James Penketh

    Title? What? Why?

    I got one of these. At first I thought it was a blank email.

    then I saw the attachment. ecard.exe. Oh come on...

    do they really think I'm gonna be stupid enough to open it?

    Obviously yes.

    But there must be enough people stupid enough to run the thing to make it a worthwhile activity for the virus/malware/etc. people, otherwise they wouldn't do it.

    "There are two things that are infinite, the universe, and human stupidity. And I'm not so sure of the former."

    - Einstein.

  16. Anonymous Coward
    Anonymous Coward

    Can of worms

    *creeeak* The sound of a can of worms being opened...

    I LOVE viruses and trojans, especially the smart ones that are difficult to get rid of. They make me a LOT of money. I am a computer technician who helps people setup and use networks. This also involves a great deal of time spent cleaning their Windows machines (now I think about it, I have never had to clean a Linux machine) after they have contracted various viruses, trojans and spyware.

    Recently I cleaned a clients machine after he visited a compromised website. He did nothing else apart from visiting the site. A few hours later I gave him the bill. He was not impressed with the ability of his computer system to get compromised that way, as it was up-to-date with patches and has active anti-virus and anti-spyware software.

    Why do people "want to buy" something that is, most likely, going to get infected from activities such as visiting a compromised website? What I don't understand is why people CHOOSE (because it IS a choice even if most people don't know that they are making it, and just tick the Microsoft box) to buy software that allows this to happen?

    Needless to say I dual-boot MS Windows XP and Ububtu GNU/Linux on my laptop. I won't go into Ububtu fandom rants, but it does allow me to visit these types of sites and download the ecard.exe's of the world and have a look at them. I have looked at the infection methods of various trojans which spread using USB keys, and network shares using Ubuntu, safe in the knowledge and peace of mind that I CANNOT get infected by anything. This is invaluable to me in my profession and helps me get rid of nasty crap off computers faster, saving my clients both time and money.

    Finally, I want to thank Bill Gates and Microsoft for making it possible for me to make a living doing this. It is not easy for ordinary people to make their computer systems and networks "just work". They want to focus on their business and make some money without having to worry about all this stuff. I am more than happy to help them doing this, but I still wonder why they pay for the software which creates these headaches in the first place, and then they pay again for my time to fix it.

    Hamish

  17. Anonymous Coward
    Anonymous Coward

    Sarcasm Detector Fault

    "How come we keep coming back to the same old argument that every virus is a fault of Microsoft?"

    Dear Phil and Dave,

    Far from being a troll, I believe this was a tongue-in-cheek way of pre-empting the usual linux/mac fanboy responses.

    HTH.

  18. Henry Wertz

    I'm with Hamish

    "Windows isn't perfect but at least when it does get a virus the average end user stands a good chance of removing it." That's simply not so. Hamish and others wouldn't be making a living removing viruses from fully patched and updates systems if the owners could do it themselves. "When Linux gets a virus (despite popular belief it does happen) the average user can't get rid of it." This is also true, the average user wouldn't be able to pull a Linux virus either -- except, by default, you won't get a virus under Linux. Distros default to having no open ports, and web and e-mail software won't haphazardly start running executables.

    "In the meantime rather than blame Bill Gates each user needs to take responsibility for their own computer. System administrators in particular need to take responsibility for those who are unable to take responsibility for themselves."

    Umm, I should crack into neighbor's machines and fix them? Most of the virus problem is from home users, honestly.

    "No system is perfect and it's a difficult task of risk management but if a system gets a virus it's a shortcoming of the system design, policy implementation, user training and ultimately a sign of a lazy, unmotivated or just poorly trained system administrator not Bill Gates."

    I blame Gates and co. After all, Microsoft did the system design, and default policy, which the average user is not going to change. Administrators should be able to harden the system (remove I.E. and Outlook, that'll do most of it), but the system should be virus-resistant by default; most systems other than Windows are.

    I'm with Hamish -- thanks Gates! Any time I need spare cash I can find people with virus infections and charge to clean them.

  19. Goldie

    It is a Windows Fault!

    Why should we be surprised when Windows comes bundled with a lot of malware by itself! Just look at the "Automatic Updates" service - isn't it the biggest botnet in the current days Internet? I have tried many many times to remove all unnecessary bells'n'whistles like Outlook Express, MS Messenger, Media Player, etc. in order to achieve only an OS loaded on the machine. What to say about not running network-bound services (like W32Time) without explicitly requested to do so, or about the imposibility to close port 139? Obviously I had no success in last 10 years with all the versions of Windows.

    OTOH we have to differentiate between the Windows fault (being insecure by default) and the customer's fault (give me those bells'n'whistles regardles whether they are secure or not).

    I fully agree with both Hamish and Henry - the demand in my services can decrease by up to 80% if Microsoft finally manages to get a secure operating system out of the door. So God bless Bill Gates, the religion he founded and the endless pockets of his followers - I am earning my living on them all!

  20. Sceptical Bastard

    Jam on it? Nah - how about yer missus... ?

    Quote: "Umm, I should crack into neighbor's machines and fix them?"

    No! Don't do that!

    I have neighbours. Unfortunately, the word has got out to them that I work with systems (like other correspondents, Windows vulns and user 'carelessness' earn me a modest crust).

    So most weekends I get phonecalls that start "I wonder if you could nip round and have a look at my computer..."

    Often trying to isolate a problem or reconfigure or sanitise the machine proves more time-consuming than a wipe and clean install. So I advise them to burn their userdata to CD and reinstall Windows. Usually, however, either the machine was bought with Windows pre-installed but without installation discs and/or restore discs or the owner is not up to reinstalling the OS, drivers, and apps.

    That's where the problem arises. They expect me to do it for a bottle of wine or jar of homemade jam. When I quote my day-job hourly rate they start muttering about their mortgage.

    Why the f**k do people expect me to give up a couple of hours of my weekend doing what I get well paid for in the week for a sample of their home cooking?

    Many of my neighbours have particularly attractive wives or daughters. So why don't they make me an offer I _wouldn't_ refuse?

    Life's a bitch. With or without Bill Gates.

This topic is closed for new posts.