Storm Worm variant called Zhelatin.pt

Apply caution when you get New Year messages in your mail box! A massive attack of the Storm Worm variant called ‘Zhelatin.pt’ is underway with a rather simpler modus operandi, say Security Experts at Micro World Technologies.

It begins with emails arriving with subject line ‘Happy New Year’ or ‘Message for new year’. The mail body has a web address chosen from a random list that contains URLs like newyearcards2008.com, newyearwithlove.com, hohoho2008.com, hellosanta2008.com, happy2008toyou.com and uhavepostcard.com.

On these websites, a message is displayed which reads as, “Your download should begin shortly…….. Click here to launch the download and press Run. Enjoy!” Clicking the link, a file named happynewyear2008.exe or happy2008.exe, which carries the worm Zhelatin.pt’, is downloaded into the computer. Once a victim clicks on the downloaded exe, the Worm drops some files and runs certain services to quickly and silently to make the computer a part of a large spam relaying network or Botnet.

The first Zhelatin variant appeared in January 2007 which spread with the help of mails with a subject line ‘230 dead as storm batters Europe’ and other socio political events, thereby deriving its popular name - Storm Worm. All mails carried exe attachments with randomly chosen names that invariably lured recipients into downloading them.

Users can protect their computers from Storm Worm by resisting the temptation of clicking on season’s greetings or other messages that require them to visit unknown websites and to download files, Manoj says. It is also equally important to keep their Antivirus and Spam Control systems up-to-date, he adds.