A major new spam campaign that tries to convince users to install the long-running Storm bot Trojan on their PCs has been launched.
The new spam blitz is difficult to characterize, said researchers from MX Logic and F-Secure, because of the nearly 40 different subject heads used by the spammers.
"We've seen subjects talking about everything from 'White House hit by lightning, catches fire' to 'Italy knocked out of Euro 2008' and 'Nokia unveils revolutionary new phone design'," said an F-Secure researcher in a post to his company's blog.
F-Secure has posted text-only listing of the subject headings its researchers have seen in the wild. Among the more outrageous: "Statue of Liberty struck by lightning, catches fire," " Obama quits presidential race," and "Man wakes up from 40 year coma."
No matter what the subject headings used, all the spam includes a link to a fake version of the pornographic YouTube-lookalike PornTube.com. According to McAfee researchers, the phony site is hosted on multiple compromised legitimate servers.
Once the user's browser reaches the spoofed site, a pop-up warns that an ActiveX control must be installed to watch the porn videos. The control is, not surprisingly, nothing of the kind, but is instead a variation of the Storm Trojan.
The size of the spam run is staggering, said MX Logic in an e-mail alert Friday morning. "The MX Logic Threat Operations Center reports that it has received over 8 million of these messages, accounting for over 85% of its worm traffic over the past 24 hours," said the warning.
Storm, an often-revised Trojan horse, is designed to hijack Windows PCs and add them to a collection of compromised computers, or botnet, which in turn is used by hackers and spammers to distribute more malware or scams. Earlier this year, researchers had said the Storm-based botnet was in decline, while Microsoft claimed that the malware search-and-destroy tool it distributes to Windows users each month had eradicated so many of the bots that its controllers threw in the towel.