Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


02:07 AM

Halloween Spam Storms Inboxes

Marshal: Dancing skeleton spam is Halloween Storm Trojan

ATLANTA -- Email and Internet content security provider Marshal (www.marshal.com) is warning email users to be wary this Halloween of malicious spam messages playing on the horror-themed holiday.

The Marshal TRACE team has identified a new run of Halloween spam that invites recipients to visit a Web site and download a “dancing skeleton” – a computer program that purports to create a novelty dancing skeleton on your desktop. By visiting the site, users expose themselves to vulnerability exploits and an executable file named “halloween.exe”. This is in reality a copy of the Storm Trojan which compromises the user’s PC and merges it into a botnet – a network of computers that can be commandeered remotely by a controlling server.

The messages arrive under the guise of subject lines such as:

  • For people with a sense of humor only
  • Halloween Fun

  • Happy Halloween

  • If your in your office, keep the speakers low, lol

  • Nothing is funnier this Halloween
  • Party on this Halloween

  • The most amazing dancing skeleton

  • This will make you laugh

  • You'll laugh your but off [sic]

The Storm Trojan first appeared in January 2007 and quickly gained success and notoriety by using the guise of current affairs headlines. More recently, the gang of criminals behind the Storm Trojan has used special events to draw unsuspecting users to trap Web sites. The Web sites are set up specifically to use browser exploits to infect a visitor with a copy of the bot program. The Storm Gang have used topics ranging from the Fourth of July, the NFL season and Greeting Cards as hooks to lure spam recipients to their malicious Web sites.

The Storm botnet is a serious threat and is known to have control over many thousands of PCs. The Marshal TRACE Team estimates that the Storm botnet is the source of up to 20 per cent of all current spam.

“Today’s run of the Storm Trojan using Halloween as its hook is the latest in a long line of social engineering cons used by these criminals,” said Marshal’s VP of Products, Bradley Anstis. “Many of the previous Storm campaigns have exploited distinctly current events such as the Fourth of July and NFL fantasy football picks. This Halloween run of Storm spam will no doubt entice a much wider audience, even beyond the US.”

Marshal Inc.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Inside the Ransomware Campaigns Targeting Exchange Servers
Kelly Sheridan, Staff Editor, Dark Reading,  4/2/2021
Beyond MITRE ATT&CK: The Case for a New Cyber Kill Chain
Rik Turner, Principal Analyst, Infrastructure Solutions, Omdia,  3/30/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-04-10
Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
PUBLISHED: 2021-04-10
A command execution vulnerability in SonicWall GMS 9.3 allows a remote unauthenticated attacker to locally escalate privilege to root.
PUBLISHED: 2021-04-09
Zoom Chat through 2021-04-09 on Windows and macOS allows certain remote authenticated attackers to execute arbitrary code without user interaction. An attacker must be within the same organization, or an external party who has been accepted as a contact. NOTE: this is specific to the Zoom Chat softw...
PUBLISHED: 2021-04-09
Use after free in screen sharing in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
PUBLISHED: 2021-04-09
Use after free in V8 in Google Chrome prior to 89.0.4389.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.