The Halloween spam invites recipients to visit a malicious website and attempts to download a “dancing skeleton” via an executable file named “halloween.exe” - a computer program that purports to create a dancing skeleton on your desktop, according to security vendor Marshal.
Once downloaded the Trojan sniffs the computer for existing Internet Explorer vulnerabilities or to see if it can add botnets, said Oscar Marquez senior technology consultant APAC at Marshal’s TRACE team.
The campaign is currently active in Europe, US and APAC. “The attack first appeared this morning and already represents almost one percent of Marshal’s total spam count. It’s a high number we intercept, approximately one million emails a day," Marquez said.
Microsoft’s recent security update included a patch for the Storm worm,which appeared to help reduce its intensity but this is no longer the case, he added.
“The Storm worm has not blown itself out.”
Halloween spam surges
By
Negar Salek
on Oct 31, 2007 3:31PM
Spammers have coordinated a Halloween spam campaign using the Storm worm botnet with subject line ‘Halloween Storm'.
