Storm worm targets Barclays, Halifax customers

gallery

The 'Storm' botnet is at the core of new phishing activity specifically targeting Barclays and Halifax customers, a security research firm has identified.

The Fortinet threat response team this week discovered these targeted attempts to get users to divulge sensitive account details that exploit the worm, also known as Trojan.Peacomm, in the latest evolution of its use, which breaks away from the trend of using it to send out spam on a massive scale.

This evolution of Storm as a peer-to-peer (P2P) network botnet, using a coordinated collective of infected computers estimated to range in number from thousands to millions of PCs, to target vulnerable users of online banking services with a security check scam has never been seen before, Guillaume Lovet head of Fortinet's threat response team told IT PRO.

"This worm has never been involved in phishing before," he said. "It sends out emails randomly in the hope that some users will be customers of these banks."

The Barclays message, first posted in a Fortinet advisory Monday, reads: "We are undertaking a period review of our member accounts," and prompts users to click on a link designed to get them to enter sensitive personal information like bank details.

A Barclays spokesman told IT PRO: "We are aware of continued phishing attacks and always recommend that customers do not 'ever' give away security details in this way."

Then yesterday Fortinet discovered customers of Halifax had also been targets. This time, the email pretended to alert the user to a security breach in order to trick them into handing over information in the same security check scam.

At the time of writing, Halifax, a division of Bank of Scotland and part of the HBOS Group, had not responded to a request comment on the reports.

Fortinet also pointed out that, while this type of activity is a first in terms of its use of the Storm botnet, the social engineering hook of false security checks in these phishing emails was identified several years ago - indicating that it has most likely been dug up from an old phishing kit.

Lovet also said this suggested parts of the botnet created by the Storm worm are now being sold off to different criminal groups with varying cybercrime tactics.

First spotted a year ago, peacomm was the first malware to use peer-to-peer networking (P2P) or mesh topologies to target unsuspecting Microsoft Windows computers across the internet.

Email to a friend

Print this page