New Storm Worm Activity Spreading

US-CERT is aware of public reports of a new Storm Worm Campaign. The latest campaign is centered around messages related to the Federal Bureau of Investigation and Facebook. This Trojan horse virus is spread via an unsolicited email message that contains a link to a malicious website. This website contains a link, that when clicked, may run the executable file "fbi_facebook.exe" to infect the user's system with malicious code.

Reports, including a posting by Sophos, indicate the following email subject lines are being used. Please note that subject lines can change at any time.

• F.B.I. may strike Facebook
• F.B.I. watching us
• The FBI's plan to "profile" Facebook
• The FBI has a new way of tracking Facebook
• F.B.I. are spying on your Facebook profiles
• F.B.I. busts alleged Facebook
• Get Facebook's F.B.I. Files
• Facebook's F.B.I. ties
• F.B.I. watching you

• Install anti-virus software, and keep its virus signature files up-to-date.
• Do not follow unsolicited web links received in email messages.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.

Read more: US-CERT Current Activity