Storm spam campaign targets NFL fans

(10/09/2007)

A new outbreak of Storm malicious spam emails targeting NFL fans has been launched against inboxes worldwide. According to the Marshal TRACE Team, the latest Storm spam campaign has been timed to coincide with the start of the NFL season.

The message lures recipients to a fake NFL website with the enticement of a 'Free NFL Game Tracker' - a utility that supposedly updates fans on game results but is actually the Storm trojan. Users are lured to download the tracker and by doing so download the trojan.

According to TRACE, the NFL Storm campaign accounts for 1 - 2 percent of all spam. The Storm Gang is responsible for up to 20 percent of all spam traffic worldwide - roughly equivalent to all the spam generated in the US on any given day. The scale of the botnet at the command of the Storm Gang is estimated to consist of anywhere between 1-5 million computers according to differing industry estimates.
"This new campaign featuring the NFL tracker is not just designed to target ardent NFL fans but also to exploit the emerging popularity of Web-based Fantasy leagues," said Bradley Anstis, Director of Product Management at Marshal. "The Storm Gang are experts at manipulating the latest trends in Internet usage to lure unsuspecting Internet users into their traps, so their move to target the NFL and Fantasy leagues is not unexpected. Of greatest concern is the frequency with which the Storm Gang is changing campaigns - currently they are changing them on a daily basis," said Anstis.

The Storm Gang launched three consecutive campaigns in three days leading into the weekend. Late last week, the Storm botnet was used to distribute a mass campaign targeting 'Tor' - a free downloadable that allows users to communicate anonymously over the Internet. The next day the spammers reverted back to the YouTube campaign, which first appeared two weeks ago. Then yesterday the NFL campaign was launched.

"Advanced spam filters should effectively block these messages as spam. However, we recommend the following advice to Web users," said Anstis:

1. Ensure that the security settings in your email client and Web browser are set to 'High'.

2. If you receive a message containing a link from a person you don't know, or haven't heard from for a long time, delete the message without opening it.

3. If you think you know who the message is from, look at the address of any web links very carefully. Be very suspicious of links that display as an IP address (numerical address) or that look similar to, but do not exactly match, the website address of any companies that you have dealings with. Don't click on the link in the message and don't click "OK" if it asks to download a file.

Related topics:  Computer and PC Security   Hacking and intrusion prevention   Internet and Web security   Virus, Worm, Email security, spyware and malware 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources