Fake Tor Application Helps Storm Worm Spread

Sep 11, 2007
1 minutes

ALERT – Capitalizing on user fears of hackers capturing and viewing their internet traffic, the Storm worm's latest propagation method uses spam email with the subject line "Careful, you.re being watched." to suggest that users download an application called Tor to provide safety and anonymity in surfing the web. However, when users click on the link to download the Tor file, they are actually downloading malware assumed to be more copies of the Storm worm. Storm worm-infected computers are turned into bots or zombie computers which listen for commands from a central server run by a hacker. Hackers controlling the bots or zombie computers can then use them to send spam, adware, and spyware, launch denial-of-service attacks, and other nefarious activities.

Here's an image of the spam email body used by the Storm worm:


Subscribe to the Newsletter!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.