It comes as no surprise that hackers have taken advantage of the Halloween spirit and launched a new Storm Trojan spam attack in disguise. One of the most common spam emails invites users to visit a website and download a funny application which creates a dancing skeleton on the user’s desktop.
The 'halloween.exe' file is a copy of the Storm Trojan, which compromises the user's PC and merges it into a network of computers that can be commandeered remotely by a controlling server.
The messages arrive with subject lines such as:
'For people with a sense of humor only'
'Halloween Fun'
'Happy Halloween'
'If your in your office, keep the speakers low, lol'
'Nothing is funnier this Halloween'
'Party on this Halloween'
'The most amazing dancing skeleton'
'This will make you laugh'
'You'll laugh your but off'
The Storm Trojan first appeared in January 2007 and quickly gained notoriety by masquerading as current affairs headlines. More recently, the gang of criminals behind the Storm Trojan has used special events to draw unsuspecting users to infected websites.
The sites are set up specifically to use browser exploits to infect a visitor with a copy of the botnet program. The gang has used topics ranging from the Fourth of July and the NFL season to greeting cards as hooks to lure spam recipients to the malicious sites.
The Storm botnet is a serious threat and is known to have control over many thousands of PCs. The Marshal Trace team estimates that the Storm botnet is the source of up to 20 per cent of all current spam.
"Today's run of the Storm Trojan using Halloween as its hook is the latest in a long line of social engineering cons used by these criminals," said Bradley Anstis, vice president of products at Marshal Trace.