Storm worm dangles trojaned Tor clients

THE STORM WORM is sending spam that lures the gullible to download a trojan infected Tor client, according to net security firm F-Secure.

A post on the or-talk mailing list quoted the following spam email text:

"Do you trade files online? Then they will come after you. Read the news on RIAA and what they are doing to everyone they find. Tor will keep them from finding you. Keep the internet private and down load our program for free."

The spam contains a link to a fake Tor download website. If the user clicks on the "Download Tor" link there, they get a malware version of the Tor client called tor.exe that contains the trojan Email-Worm:W32/Zhelatin.IL.

The legitimate Tor network is hosted by the Electronic Frontier Foundation at this address. Tor enables users to communicate securely and anonymously over the Internet by implementing an untraceable mesh network of systems that function as "onion routers".

The Storm Worm authors have been very successful, having built the largest known botnet of zombied computers. They haven't done that by using approaches that don't work, so they must be having some success in preying on people's not unreasonable fears of Internet surveillance by government authorities and corporate agents.

If the NSA and RIAA et al weren't invading Internet users' privacy by spying on everyone's online activities, people wouldn't be so tempted to fall into this Storm Worm trap. µ

L'INQ
F-Secure