With the 4 year prison term for Robert Soloway and the Murder/Suicide of Eddie Davidson still fresh in our minds comes the following alert from the US-Cert warning us that the subject of the FBI looking at Facebook is being used to spread a new variation of the Storm Worm. I guess the above two penalties don't phase the authors of the storm worm.

Eddie Davidson fugitive Spammer in Murder-Suicide.

• www.theregister.co.uk/2008/07/25/fugitive_spammer_slays_family/

Soloway given 47 month prison term.

• www.theregister.co.uk/2008/07/23/soloway_sentenced/

- Shaun

---

US-CERT Current Activity

New Storm Worm Activity Spreading

Original release date: July 29, 2008 at 9:41 am Last revised: July 29, 2008 at 9:41 am

US-CERT is aware of public reports of a new Storm Worm Campaign. The latest campaign is centered around messages related to the Federal Bureau of Investigation and Facebook. This Trojan horse virus is spread via an unsolicited email message that contains a link to a malicious website. This website contains a link, that when clicked, may run the executable file "fbi_facebook.exe" to infect the user's system with malicious code.

Reports, including a posting by Sophos, indicate the following email subject lines are being used. Please note that subject lines can change at any time.

• F.B.I. may strike Facebook
• F.B.I. watching us
• The FBI's plan to "profile" Facebook
• The FBI has a new way of tracking Facebook
• F.B.I. are spying on your Facebook profiles
• F.B.I. busts alleged Facebook
• Get Facebook's F.B.I. Files
• Facebook's F.B.I. ties
• F.B.I. watching you
  

US-CERT encourages users and administrators to take the following preventative measures to help mitigate the security risks:

• Install anti-virus software, and keep its virus signature files up-to-date.
• Do not follow unsolicited web links received in email messages.
• Refer to the Recognizing and Avoiding Email Scams (pdf) document for more information on avoiding email scams.
• Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
  

Relevant Url(s):

• www.us-cert.gov/cas/tips/ST04-014.html
• www.sophos.com/security/blog/2008/07/1599.html
• www.us-cert.gov/reading_room/emailscams_0905.pdf
  

====
This entry is available at:

• www.us-cert.gov/current/index.html#new_storm_worm_activity_spreading