The "Storm" mailer currently wreaking havoc around the world is the first to make efficient use of social engineering tactics and this is one of the reasons that it has made such an impact.
Allysa Myers, writing in her McAfee Avert Labs blog, says a number of elements have come together to make the Storm trojan, also known as Downloader-BAI, so successful, with dozens of new variants appearing daily.
"The first interesting bit in this event is watching the authors of this malware cobbling separate pieces together," she writes.
"Some time this weekend, this Downloader trojan was being found in the droppings of a mass mailer, W32/Nuwar@MM, which had previously been tied to a couple of other Downloader trojan familes.
"So now, being tied with a mass-mailer as well as a mass seeding, this trojan has become more self-sustaining in its distribution. It’s unlikely, at this point, that this will be dying down completely any time soon."
Another notable feature, she says, is that this collection of trojans co-ordinates itself over a peer-to-peer network rather than through a central command server.
"This is something we’ve been seeing malware authors playing with more and more lately, with this one arguably being the most successful.
"Malware authors seem to understand that having any single point of failure means that at some point, they will in fact fail and have to rebuild their botnet. By having a “headless” botnet, they can self-heal more effectively."
But most notable, Myers says, are the social engineering tactics being used in this seeding.
"W32/Nuwar gained quite a bit of notoriety during the holidays, for its variety of holiday-specific subject lines. Now Downloader-BAI is being seeded with a list of subject lines, the majority of which are intended to ruffle feathers or cause concern in certain specific countries."
The subject lines are written to look like news headlines, and the attachments are presented as the full story or as video footage of the supposed news item, to encourage the recipient to open them.
"Personally, I find messages making outlandish claims something to be deleted without further ado (especially those messages that have file-attachments, and whose spelling is rather suspect)," writes Myers.
"But for some reason this tactic is still proving successful. None of these techniques are particularly new or innovative, and if one were employing basic security measures this could be avoided. But due to the combination of huge numbers of new variants and social engineering tactics, it’s working for these miscreants."