Well, the holidays are over and people are now back working. Including the controllers of the Storm botnet.
Steven Adair of Shadowserver has confirmed that the recently festive Storm domains have now had their DNS records deactivated. This means that for those of us who have yet to go back to work, the malicious Christmas and New Year themed emails we may see in our inboxes are now less of a threat. However, we have seen this sort of behavior in the past and we should prepare ourselves for the next "infection run", as the deactivation of domains is often the result of the shifting of a threat rather than its cessation.
Security Researcher Nicholas Albright of the Digital Intelligence and Strategic Operations Group believes that the next infection wave will coincide with Valentine's Day - a good bet if we look back in recent history. In February 2007 a malicious spam run containing a link to a "Valentines day eCard" resulted in infection by a Storm worm variant, with similar activity observed in 2006. In fact, malware writers have been using Valentine's Day themed messages since at least 2000. But it appears we haven't yet learnt our lesson.
As always, it is important to keep your antivirus signatures up to date and cast a suspicious eye over all emails in your inbox. Be especially careful with links within emails, as this is one of the most popular methods for criminals to successfully propagate malware. And it certainly wouldn't hurt to warn less security-conscious friends about these issues. Who knows, the system you save might be your own.
So, in the meantime we will be watching any Valentine's Day-related domain registrations very carefully.