The e-mail storm and ETD

You may have noticed a whole lot of e-mail messages lately about someone sending you a greeting card. This is spam trying to get you to load malware on your machine so it can use your machine to send out more spam. InfoWorld reports on it in "Record-breaking ‘Storm’ Trojan linked to spam surge: Bot Trojan becomes the most prolific e-mail-borne malware ever":

Storm started to gather steam near the end of June, when several spasms of mail posing as greeting cards reached users, and reached critical mass just before July 4, when holiday subject lines tempted even larger numbers of users to click through. “Storm’s using more of a ‘pull’ than a ‘push’ model now,” said Masiello. Earlier Storm bot-building campaigns had come with attachments that when run hijacked the targeted PC. More recent attacks simply offer up a link in the e-mail; when users click on the link, code on the ensuing site — actually, often several exploits that try several vulnerabilities until one works — snatches the PC.

I have a friend who is very careful about ETD (e-mail or electronically transmitted diseases) but he checked out one of these greeting card invitations. Whoops! It can happen to the best of us. These ETD depend upon accidental contact. It is getting so bad that you have to practice safe e-mail all the time, you have to get frequent health check-ups to make sure you aren’t infected, and you need to take prophylactic measures to make sure that you can squash any ETD you might get.

Your ISP, the company that provides internet access, is very interested in helping you stay healthy. They have ETD trapping systems between you and the internet to catch many vectors but you have to use their traps properly. Your ISP also probably has prophylactic software, anti-virus and spam catching software, that you can install on your machine to help prevent ETD but, again, you have to use it properly.

One way you can help prevent ETD is to lock down your computing behavior. If you use Windows, the most common target, make sure you take advantage of its features to prevent malware. The new Vista was designed particularly to help with this. The new IE for Windows also has features to prevent ETD. You can also use other browsers such as Firefox or other e-mail clients such as Thunderbird that will help prevent ETD. You can also use Linux or Apple machines to reduce your ETD risk profile.

It is important to realize that there is a plague raging across the Internet planet. You may only see its impact in your inbox and not realize that you are contributing to it. Unless you practice safe e-mail, and even then, you may be contributing to the ETD plague. Take care, take precautions, and do what you can to help squash this plague.

Update: Google is offering a pack of free software that includes Norton Security Scan, Spyware Doctor Starter Edition, and a lot of other good stuff including Firefox and Star Office (the commercial version of Open Office). You might check it out to help prevent ETD, as well as for a convenient source of some ‘good stuff’ integrated with the Google search engine.

Update II – Operation Bot Roast: Strategy Page has an entry on the FBI operation to quell the Storm invasion.

Meanwhile, the FBI announced that Operation Bot Roast had, so far, identified over a million compromised PCs, in scores of botnets. The FBI is trying to get in touch with as many of these computer users as possible, and direct them to organizations and companies that can help them clean the zombie software out of their computers. Help can be had for free, although many of the compromised PCs were found to be clogged with all manner of malware (illegal software hidden on your machine to feed you ads or simply track what you do).

Most owners of zombiefied computers didn’t even realize their PCs had been taken over. Some, with heavily infected machines, do notice that the malware slows down the PC, and there have been cases where the user just went out and bought a new computer. Usually, reformatting the hard drive and reinstalling your software works, and is a lot cheaper. But most computer users today don’t know how to reformat a hard drive, or even get someone to do it for them.
