NEWS FROM THE LAB - Thursday, September 6, 2007

sTORm worm Posted by Ian @ 19:02 GMT

A new round of storm worm attacks are playing on people's paranoia against being watched online.

This time the lure leads users to a "TOR download" page, which is… surprise, surprise… fake.


Clicking on the button in that web page will download a malicious file called tor.exe onto the system. This file is already detected as Email-Worm:W32/Zhelatin.IL.

Do note that the real TOR application is hosted on http://tor.eff.org/. For those unfamiliar with it, it's a system designed to enable its users to communicate anonymously over the Internet.