Daily cyber threats and internet security news: network security, online safety and latest security alerts
July 4th, 2008

Storm Botnet Celebrates The Independence Day With New Wave Of Malware Spam

The group behind the Storm Botnet has always been conscious of timing and this time a new malware spam wave had started, dedicated to Independence day of course. This spam wave directs the user to click on a link that encourages the intended victim to download an infected fireworks.exe file.

The Storm botnet launched the latest campaign in June 3rd. Here’s a partial list of subject lines seen in the latest spam messages:

Amazing Independence Day salute
Amazing firework 2008
America for You and Me
America the Beautiful
Celebrate Independence
Celebrate with Pride
Celebrating Fourth of July
Celebrations have already begun
Fabulous Independence Day firework
God bless America
Happy Fourth of July
Happy Independence Day
Independence Day firework broke all records
Light up the sky
Proud to be an American
Sparkling Celebration of Independence Day
Spectacular fireworks show
Stars and Strips forever
Super 4th!
The best firework you’ve ever seen
The best of 4th of July Salute
Well done 4th!

The body of the messages is similar to previous campaigns, with a one line phrase followed by an IP address, such as:

Amazing Independence Day salute http://123.456.789.000/
Amazing Independence Day show http://123.456.789.000/
Bright and joyful Fourth of July http://123.456.789.000/
Celebrate the spirit of America http://123.456.789.000/
Celebrating Fourth of July http://123.456.789.000/
Celebrations have already begun http://123.456.789.000/
Light up the sky http://123.456.789.000/
Proud to be an American http://123.456.789.000/
Stars and Strips forever http://123.456.789.000/
The best firework you’ve ever seen http://123.456.789.000/
Well done 4th! http://123.456.789.000/

Visiting the IP address would bring up a page with a fake online video player and a picture of fireworks inside the player. The following text is included below the image:

Colorful Independence Day events have already started throughout the country. The largest firework happens on the last weekday before the Fourth of July. Unprecedented sum of money was spent on this fabulous show. If you want to see the best Independence Day firework just click on the video and run it.

Users attempting to watch the fireworks video will instead be infected by malicious code.

The “video” links to an executable called fireworks.exe. In addition, the site also launches an invisible iframe with obfuscated malicious javascript ind.php.

Share this item with others:

More on CyberInsecure:
  • Beware Of Independence Day Malware Spam By Waledac Botnet
  • Botnet Spams 60 Billion Emails A Day
  • Storm Botnet Is Behind 20 Percent Of Internet Spam
  • Storm Trojan April Fools Day Edition
  • The Number Of Infected Machines In Botnets Quadrupled In Last 3 Months

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Storm Botnet Celebrates The Independence Day With New Wave Of Malware Spam

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.