Halloween 'skeleton' spam hides Storm Trojan

Halloween 'skeleton' spam hides Storm Trojan

Don't let your PC be turned into a zombie

Surfers have been warned to be wary of malicious Halloween-themed spam messages infected with the Storm Trojan.

The Marshal Trace team has identified a run of Halloween spam that invites recipients to visit a website and download a program that purports to create a novelty 'dancing skeleton' on the user's desktop.

But victims will be exposed to vulnerability exploits and an executable file named 'halloween.exe'.

This is a copy of the Storm Trojan which compromises the user's PC and merges it into a network of computers that can be commandeered remotely by a controlling server.

The messages arrive with subject lines such as:

'For people with a sense of humour only'
'Halloween Fun'
'Happy Halloween'
'If your in your office, keep the speakers low, lol'
'Nothing is funnier this Halloween'
'Party on this Halloween'
'The most amazing dancing skeleton'
'This will make you laugh'
'You'll laugh your but off'

The Storm Trojan first appeared in January 2007 and quickly gained notoriety by masquerading as current affairs headlines.

More recently, the gang of criminals behind the Storm Trojan has used special events to draw unsuspecting users to infected websites.

The sites are set up specifically to use browser exploits to infect a visitor with a copy of the botnet program.

The gang has used topics ranging from the Fourth of July, the NFL season and greeting cards as hooks to lure spam recipients to the malicious sites.

The Storm botnet is a serious threat and is known to have control over many thousands of PCs. The Marshal Trace team estimates that the Storm botnet is the source of up to 20 per cent of all current spam.

"Today's run of the Storm Trojan using Halloween as its hook is the latest in a long line of social engineering cons used by these criminals," said Bradley Anstis, vice president of products at Marshal Trace.

"Halloween seems to be an increasingly popular holiday outside the US and is gaining global popularity. The Storm gang knows this.

"Many of the previous Storm campaigns have exploited distinctly American events, but this Halloween run will no doubt entice a much wider audience beyond the US."

Graham Cluley, senior technology consultant at Sophos, added: "The gang responsible are experts at choosing topical disguises and crafting alluring emails that the unwary may find difficult to resist.

"What's even more frightening is that when innocent users click to see the skeleton dance, the site also plays The Vengaboys song Boom boom boom boom.

"The good news is that advanced IT security defences are able to stop an attack like this dead in its tracks."

Sophos reported earlier this month that spammers had distributed Halloween-related emails with the intention of gathering personal information from recipients.