
SANS ISC: The ever morphing Storm SANS ISC InfoSec Forums

The ever morphing Storm

Readers have been reporting emails with subjects such as:

  • Spyware Detected!
  • Malware Alert!
  • Virus Detected!

The Storm virus from the last week or so (greeting cards) has morphed into this new version.  Nothing new: the text has changed somewhat and the subject line is different.  By and large it is still the same attempt to get people to download an exe file.

AusCERT has put out an alert on this, as there has been an increase in these messages in the region.

As usual, discourage users from blindly clicking links in emails.  Educate them on your corporate AV and AS practices so they will know that the message is not legitimate.  Even if you do block all of these messages, consider raising awareness with staff so they don't fall for these types of messages at home.  Blocking downloads of exe files is also a good start.

A reader suggested a few keywords and/or phrases that could be used to identify the messages.
robotaccount will be blocked, also look for epidemic near the word worm.



Mark H - Shearwater


ISC Handler
Jul 9th 2007
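The identification hints in the diary above (the reported subject lines, "epidemic" near "worm", and a link to an exe file) can be combined into a simple mail triage check. This is an added example, not code from the diary or from SANS ISC; the 10-word proximity window, the indicator names and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Subject lines reported in the diary (trailing "!" treated as optional).
SUBJECTS = re.compile(r"^\s*(spyware detected|malware alert|virus detected)!?\s*$", re.I)
# A URL whose path ends in .exe, i.e. the download the diary warns about.
EXE_LINK = re.compile(r"https?://[^\s\"'<>]+\.exe\b", re.I)
WORD = re.compile(r"[a-z0-9']+")
WINDOW = 10  # assumption: "near" means within 10 words


def near(text, a, b, window=WINDOW):
    """True if a word starting with `a` is within `window` words of one starting with `b`."""
    words = WORD.findall(text.lower())
    pos_a = [i for i, w in enumerate(words) if w.startswith(a)]
    pos_b = [i for i, w in enumerate(words) if w.startswith(b)]
    return any(abs(i - j) <= window for i in pos_a for j in pos_b)


def indicators(raw_message):
    """Return the set of indicator names that fire for one raw RFC 822 message."""
    msg = message_from_string(raw_message)
    parts = [p.get_payload(decode=True) or b"" for p in msg.walk() if not p.is_multipart()]
    body = b"\n".join(parts).decode("utf-8", "replace")
    hits = set()
    if SUBJECTS.match(msg.get("Subject", "")):
        hits.add("subject")
    if near(body, "epidemic", "worm"):
        hits.add("epidemic-near-worm")
    if EXE_LINK.search(body):
        hits.add("exe-link")
    return hits


# Constructed sample messages (not real captures).
SAMPLE_STORM = (
    "From: alerts@example.invalid\n"
    "Subject: Virus Detected!\n"
    "\n"
    "A worm epidemic was detected on your network.\n"
    "Download the fix: http://192.0.2.10/fix.exe\n"
)
SAMPLE_BENIGN = (
    "From: colleague@example.invalid\n"
    "Subject: Lunch on Friday\n"
    "\n"
    "The flu epidemic is over, see you at noon.\n"
)

if __name__ == "__main__":
    for name, raw in (("storm-like", SAMPLE_STORM), ("benign", SAMPLE_BENIGN)):
        print(name, sorted(indicators(raw)))
```

A single indicator is weak on its own; requiring two or more before quarantining keeps false positives down as the subject lines and text change.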
