Storm malware turns amorous in major new attack

Sophos has warned of a major new malicious attack that has been affecting internet users since 2:00 GMT today. According to Sophos, new variants of the Dorf family of malware (which had previously spread as breaking news of deaths caused by European storms) are now using disguises associated with love and greeting cards.

A wide variety of subject lines are being used in the spam campaign, including “You’re so Far Away”, “I Dream of you”, “Dream Date Coupon”, “Together You and I”, “A Bouquet of Love”, “So in Love” and “Cuddle Up”. Attached to the emails are files called ‘flash postcard.exe’ or ‘greetingcard.exe’. When opened, the worm attempts to send itself to other email addresses found on the recipient’s PC, while also attempting to download further malicious code from the internet, designed to take over the computer and use it to send spam on behalf of hacking gangs.

Sophos’s anti-spam products are intercepting the emails to prevent them from reaching users’ inboxes, while updated anti-virus protection will be issued shortly.

“This attack is taking place against internet users right now around the world, resulting in a deluge of spam being relayed from innocent users’ computers,” said Graham Cluley, senior technology consultant. “People must learn to think before they click. It may be tempting to open an attachment which you think is a greeting card or a message from a loved one, but following your heart can get you into trouble sometimes. The best defence is common sense, combined with up-to-date anti-virus software and email filtering at your gateway.”

Sophos recommends companies automatically update their corporate virus protection, and run a consolidated solution at the email gateway to defend against malware, spyware and spam.