The email Storm Trojan has changed again. Today, the Storm pretends to be advertising Tor, a device for communicating anonymously on the Internet. Sample subject lines include:
Big brother is watching you.
Careful, you.re being watched.
Do you know who is watching you?
The things you do online are being watched.
What you do online is at risk.
What you do online is no longer private.
You are being watched online.
Your online activities are no longer safe.
Your online life is not private.
Your Privacy is being violated
Your privacy is no longer safe
The email body is plain text, and as usual with Storm, contains a URL link with a simple IP address:
If you click on the link it will take you to a website that will attempt to exploit vulnerabilities in your browser. This time the Storm gang have taken its fake website concept to a new level by incorporating authentic looking blurb and image. The link provided prompts you to download the malicious Storm Trojan (also called Zhelatin), in this case the file is called 'Tor.exe'.
For those interested, the real Tor application can be found at http://tor.eff.org/.
As before, be wary of clicking on links in any unsolicited email, and in light of these recent Storm attacks, be doubly suspicious of any links with an IP address.
MailMarshal customers should note the current SpamCensor is detecting these messages as spam and no further action is necessary.
