Application security, Threat Management, Incident Response, Malware, Network Security, Patch/Configuration Management, Phishing, TDR, Vulnerability Management

Malware writers trying for touchdown with NFL-themed Storm Worm

Are you ready for some malware? The ubiquitous Storm Worm hit the gridiron over the weekend when attackers, through mass emails, attempted to dupe NFL fans into visiting a malicious website promising information about the season's opening weekend.

The spam messages encouraged fans to visit a website to download an "online game tracker" that claims to contain time, channel and statistical information for all NFL contests, according to Finnish security firm F-Secure. Instead, if users attempt to download the application, they are met with a malware exploit.

To make the threat appear more legit, the website where users are sent to download the game tracker actually contains accurate information about the scheduled games, F-Secure said Sunday on its company blog.

This is the latest twist in the Storm Worm, which attempts to lure users to malicious files by masquerading as a legitimate link, usually as an electronic greeting card or a breaking news story. Security experts estimate there are hundreds of thousands of infected machines worldwide, which are predominantly used to send spam and launch denial-of-service attacks.

"It's always been socially engineered, and it's always around something that would be enticing to individuals, and timely," Ken Dunham, director of global response for Dallas-based iSight Partners, a risk management and mitigation start-up, told SCMagazine.com today. "It's one of the most relentless and prevalent attacks we've seen in 2007."

Anti-virus firm BitDefender ranked the Storm Worm as last month's top malware threat, compromising about 25 percent of all detected malware.

The attacks are successful because the malware writers automatically update the malware's binary code about every half hour to evade anti-virus detection, Dunham said. And users whose machines are updated with the latest security patches can still be infected if they choose to execute malicious code.

Dunham – who meets regularly with industry experts to discuss the Storm Worm – said end-users should be trained not to "blindly trust email traffic," while administrators must implement proper spam filters.

"A little bit of training and technology goes a long way in mitigating these threats," he said. "The low-hanging fruit is what the targets hit, and that would be people who execute and who are not patched."

Click here to email reporter Dan Kaplan.

An In-Depth Guide to Application Security

Get essential knowledge and practical strategies to fortify your applications.

You can skip this ad in 5 seconds