Home arrow US-CERT Computer Emergency Readiness Team arrow Storm Worm Activity Increases During Holiday Season

Storm Worm Activity Increases During Holiday Season

US-CERT is aware of an increase in Storm Worm related activity. The latest activity is centered around messages related to the New Year. This Trojan is spread via an unsolicited email message that contains a link to a malicious web site. When the malicious link is followed, the Trojan may attempt to exploit an unpatched vulnerability or continue to rely on social engineering to download and install the file on the user's system.

Subject lines can change at any time, but the following are currently being used:

  • A fresh new year
  • A fresh new year...
  • As you embrace another new year
  • Blasting new year
  • Happy 2008 To You!
  • Happy 2008!
  • Happy New Year To (emailhere)
  • Happy New Year To You!
  • Happy New Year!
  • It's the new Year
  • Joyous new year
  • Lots of greetings on new year
  • Message for new year
  • New Hope and New Beginnings...
  • New Year Ecard
  • New Year Postcard
  • New Year wishes for you
  • Opportunities for the new year
  • Wishes for the new year
  • Christmas Email
  • Cold Winter Nights
  • Feel the Holiday Spirit
  • Find Some Christmas Tail
  • Ho Ho Ho.s
  • How.s It Goin
  • I love this Carol!
  • Jingle Bells, Jingle Bells
  • Looking for something hot this Christmas
  • Merry Christmas From your Secret Santa
  • Merry Christmas To All
  • Mrs. Clause
  • Mrs. Clause Is Out Tonight!
  • Santa Said, HO HO HO
  • Seasons Greetings
  • The Perfect Christmas
  • The Twelve Girls of Christmas
  • Time for a little Christmas Cheer.
  • Warm Up this Christmas
  • Your Secret Santa
File names can also change at any time, but the following are currently being used:
  • happy-2008.exe
  • happy2008.exe
  • stripshow.exe
  • happynewyear2008.exe
The following domains have been used to distribute malicious code and we do not recommend users visit them:
  • hxxp://newyearcards2008.com/
  • hxxp://merrychristmasdude.com
  • hxxp://ptowl.com
  • hxxp://uhavepostcard.com
  • hxxp://yxbegan.com
  • hxxp://happycards2008.com
US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks: