Malicious Code Research (MCRC) Blog - 2009
Please download me. Pretty please...
The Storm Worm guys are still playing mind games (a.k.a. social engineering).
In his first book, “The Art of Deception”, Kevin Mitnick introduces several methods social engineers use in their attacks. One of the simplest ways is to directly ask the victim. It appears that most people will naively give away information, or just do the things the attacker asks them to do.
This exact method was used by the Storm Worm guys last Monday, on “Labor Day”. They put up a nice “Labor Day” image and politely asked visitors to click on the image and execute the downloaded file.

This attack mostly targets naïve people who will think it’s just another nice holiday greeting card.
Well, today the Storm Worm criminals changed their target. They are now targeting the more technical guys. The webpage displays a legitimate-looking download page for the well-known network anonymity proxy “Tor”.

The “Download Tor” image links, of course, to a malicious “tor.exe” file.
According to the results generated by VirusTotal, 11 of 32 anti-virus vendors classify this exe file as malicious.

Needless to say, both the “Tor download” and the “Happy Labor” pages include the MPack v0.99 crimeware toolkit, which added some exploits to its arsenal.
Posted by Aviv Raff



