Aug 23 2007

“I don’t want to belong to any club…”

Published by at 7:33 am under Security Advisories

As Brian Krebs points out, the Groucho Marx comment, “I don’t want to belong to any club that will accept me as a member,” captures the spirit of the latest round of the Storm worm emails. The simple rule of “if you didn’t ask for it, don’t open it” applies to these club membership spams just as well as it does to attachments. I have to give these guys a little credit in saying that this is a new twist of social engineering that will probably get them some good results. At least for a little while.

The list of clubs or online services these spams refer to is around 30 as of today, but you can be certain that it’ll keep growing as people catch on to the first wave of fake services. But the problem with these worms is that they’re easy to update, so new fake services will be added quickly, I’m sure. Another annoying aspect of the Storm worm is that it changes its binary every 30 minutes, making signature-based detection that much harder.



One Response to ““I don’t want to belong to any club…””

  1. Scott Wrighton 24 Aug 2007 at 8:01 pm

    It’s actually getting so that I give the explicit instructions to everyone I talk to about spam and phishing **not to click anywhere in an email if you weren’t expecting it**.

    While it’s a smart idea not to allow images to be displayed in HTML emails until you are sure about them (or even not to autopreview), some people can’t be bothered to figure out how to change the configuration.

    As well, some new spams only contain one thing, an image link. If you click anywhere to get the image (just to see what it is about) it’s as bad as clicking on a normal link embedded in an email.

    And it’s worth reminding people that just because it says “” and looks legitimate, doesn’t mean that’s where the link is going to take you. Outlook and some other email agents are getting better at popping up a tip that shows the real destination, but that can be missed if you click too fast.

    Just don’t click anywhere if you aren’t expecting it. Even better, if you know how, turn off autopreview and HTML image loading in your email agent. If you don’t know how, ask someone.
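
The two cases raised in the comment above, link text that names one site while the link goes somewhere else and a message whose only content is a clickable image, can be checked mechanically on the mail gateway or in triage. The following is an added example, not part of the original post or comment; `audit_links`, `LinkAuditor` and the sample HTML with its hosts are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message body; hosts use documentation-only ranges and names.
SAMPLE = """<p>Welcome to the club! Confirm your membership:</p>
<a href="http://203.0.113.7/">http://www.members-club.example/login</a>
<a href="http://198.51.100.9/"><img src="http://198.51.100.9/card.gif"></a>
<a href="https://www.news.example/story">www.news.example</a>"""

# A host name appearing in the visible link text, with or without a scheme.
HOST_IN_TEXT = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def same_site(shown, real):
    """True when the real host is the shown host or a subdomain of it."""
    if shown.startswith("www."):
        shown = shown[4:]
    return real == shown or real.endswith("." + shown)

class LinkAuditor(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text, self._img = [], None, [], False

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text, self._img = dict(attrs).get("href") or "", [], False
        elif tag == "img" and self._href is not None:
            self._img = True  # image inside a link

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        text = "".join(self._text).strip()
        real = (urlsplit(self._href).hostname or "").lower()
        shown = HOST_IN_TEXT.search(text)
        if shown and not same_site(shown.group(1).lower(), real):
            self.findings.append(("mismatch", text, real))
        elif self._img and not text:
            self.findings.append(("image-only", "", real))
        self._href = None

def audit_links(html):
    parser = LinkAuditor()
    parser.feed(html)
    parser.close()
    return parser.findings
```

The host comparison is a heuristic: it treats a subdomain of the displayed host as the same site and does not consult a public-suffix list, so findings are a prompt for review rather than a verdict.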
