July 30, 2008 12:44 PM PDT

FBI warns of new Storm worm variant

by Robert Vamosi

On Wednesday, the FBI and its partner, the Internet Crime Complaint Center (IC3), warned against a new e-mail campaign being used by the creators of the Storm Worm botnet.

The e-mail uses the phrase "F.B.I. vs. Facebook" in its subject line and contains a link to view an article about the FBI and Facebook, a popular social networking website. Clicking on the link downloads malicious software onto the victim's computer.

"The spammers spreading this virus are preying on Internet users and making their computers an unwitting part of criminal botnet activity," said the FBI in a press release. "We urge citizens to help prevent the spread of botnets by becoming web-savvy."

The FBI is warning users not to respond to spam e-mail and not to open attachments or links provided within such e-mail, and advising them to validate the legitimacy of the e-mail by typing the organization's Web site address directly into a browser window, rather than clicking on a provided link.

As CNET's resident security expert, Robert Vamosi has been interviewed on the BBC, CNN, MSNBC, and other outlets to share his knowledge about the latest online threats and to offer advice on personal and corporate security. Listen to his podcast at securitybites.cnet.com or e-mail Robert with your questions and comments.
by compudoc318 July 30, 2008 3:51 PM PDT
When will idiots wake up and stop opening unknown emails and clicking on unknown links.....wait, I remove viruses for a living..........keep on clicking dummies, I need a new BMW!
by n3td3v July 30, 2008 4:33 PM PDT
When are the FBI going to do something about getting the Storm Worm authors arrested? The FSB (Russian Secret Service) is protecting the authors, RBN (Russian Business Network) from being arrested by western law enforcement agencies such as FBI. So when is something going to be done to solve the root of the problem? Sure, we can put out alerts about this particular scam, but it doesn't solve the bigger picture of Storm Bot Net Worm. The U.S. Federal Government, if they can't solve the Storm Worm crisis politically, then they'll need to take it to the top level and speak to the White House about American President putting pressure on The Russian President to get this case shuttered and the criminal gang, state sponsored by the Russian government be arrested. I'm sick of cyber security not being taken as seriously, on the same level as real life security when a government such as the Russians are up to dirty tricks, in what cyber crime has become more profitable than drug trafficking, so you can see why the Russian government don't want to let western law enforcement get their hands on Storm Bot Net Worm so easily, because they (Russian Government) are making so much profit from the existence of Storm. It's really bad what's going on and I can't believe the west are powerless to do anything about what's going on, and to be frank, this is a complete embarrassment for the west, but it's cyber security, so it's not taken with as much priority as real life security, so the Russians get to keep going with RBN and the Storm Bot Net Worm for as long as they want! Even if it brings disruption to the U.S. federal government through spam runs such as this one which is targeting the Federal Bureau of Investigation.
by jpmccloud01 July 31, 2008 5:44 AM PDT
Here is the problem with this stuff. While a lot of people are tech savvy enough not to reply, there are still many people who are newbies, navs, or who are just casual users of the internet, then there are those whose work this kind of stuff might look legitimate to. What there has to be is a national warning system for the internet that can't be cracked and that lets anyone out there know when these kind of threats are out there. Sadly we are stuck with trying to find info about this stuff from other sources or hoping our virus and security programs are up to the task, by the way most are to a point. I have been hearing about Antivirus 2008 all week and this has not been fun, so remember that the internet is still to a point the wild wild west and the security software and people in the know are the sheriffs.
by jamalystic July 31, 2008 7:13 AM PDT
This is a perfect example of a targeted attack that even the tech-savvy would find it difficult to detect. This seems to be the new direction for phishing attacks and malware links: Identifying a Targeted Attack (http://www.internetevolution.com/author.asp?section_id=670&doc_id=156701&F_src=flftwo)
by stlwest July 31, 2008 11:24 AM PDT
Where do the links lead to? If they are to servers outside the US then Microsoft should put an option in their firewall or in Internet Explorer to allow only US based traffic. That way people can at least choose to shut off a lot of crap.
by Penguinisto July 31, 2008 4:44 PM PDT
Doesn't matter - unless you can tell with 100% certainty each time which IP addy blocks (which are sold, divided, re-sold, and divided and resold again) are on-shore vs. off-shore? Fat chance.

/P
by The_happy_switcher July 31, 2008 1:52 PM PDT
No problem here on the Mac. How are you Windoze users faring?
by ronnielsen1 July 31, 2008 6:15 PM PDT
No problems on the Mepis or the PCLinux.
by chash360 July 31, 2008 5:58 PM PDT
When is somebody going to hold M$ responsible for the possibility of these things? It was their deviation from established protocol standards that allowed a 'hyper text link' to point to an address that is not what the hyper text link displays. It was their deviation that allowed code, from a remote site, to be attached to, and executed when clicking on the links. HTML spec 1.1 was perfectly capable of doing 90% of the things all these scripted pages do now, without arbitrary code scripting and execution from an unknown source.

It's easy to stop it from being possible, they just don't want to. They have already got so many hooked on all the ActiveX and scripting stuff that it's money in the bank for it to be flawed.