Fake Tor Application Helps Storm Worm Spread

Matt Keil

Category: Firewall

ALERT – Capitalizing on user fears of hackers capturing and viewing their internet traffic, the Storm worm’s latest propagation method uses spam email with the subject line “Careful, you.re being watched.” to suggest that users download an application called Tor to provide safety and anonymity in surfing the web. However, when users click on the link to download the Tor file, they are actually downloading malware assumed to be more copies of the Storm worm. Storm worm-infected computers are turned into bots or zombie computers which listen for commands from a central server run by a hacker. Hackers controlling the bots or zombie computers can then use them to send spam, adware, and spyware, launch denial-of-service attacks, and other nefarious activities.

Here’s an image of the spam email body used by the Storm worm:


Got something to say?

Get updates: Unit 42

Sign up to receive the latest news, cyber threat intelligence and research from Unit42

By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.