The vector of attack is an email purporting to contain the news that the Olympics will be delayed or cancelled due to earthquake damage. The emails contain a link that cklaims to be video to back up the information but instead downloads an application named beijing.exe containing the Trojan.
“Some advice for the day: don't click on every link in your email,” said Symantec’s Vikram Thakur in a posting.
“It looks like the Peacomm (Storm) authors have decided to use past and future events in China as lures for their latest creation. A new spam run is in progress with links to a file called "beijing.exe," which is currently detected by Symantec as Trojan.Peacomm.D.”
The United States Computer Emergency Readiness Team (US-CERT) has also issued a
warning about the attack, saying that the emails have been widely spammed out and that phishing activity linked to the malware has already been detected.
Storm has been one of the more successful Trojans of the last year, with many infections reported. There had been hopes that malware users were switching to other code but this latest attack has professional worried that internet users could be facing another onslaught.
“The first time we saw Storm was when they sent out e-mails that reported violent storms going through Europe — that's why we named it Storm. At the time there were actually storms going through Europe,” said Patrik Runald, security researcher at F-Secure.
“The earthquake in Beijing has fortunately not happened. Speaking of Beijing and Storm, we are still expecting to see Storm, and other malware, use the Olympic Games in August as a social engineering trick so be on the lookout for those in a few weeks.”