Storm Worm: New wave uses Tor network reputation.

It seems that there is a new way of luring unsuspecting users into a trap to turn their computer in a zombie, steal their personal information, and maybe worst, that came into light: Storm social engineering!

The Storm botnet which was behind the two last attacks (http://it.slashdot.org/it/07/08/26/1558245.shtml) seems to be behind a new one using the reputation of the Tor network as its vector.

A recent post on or-talk mailing list mention a strange email the sender has received: http://archives.seul.org/or/talk/Sep-2007/msg00045.html

Do you trade files online? Then they will come after you. Read the news on RIAA and what they are doing to everyone they find. Tor will keep them from finding you. Keep the internet private and down load our program for free.

It clearly is an attempt to convince the reader that his security is at risk and it advise them to dowload a binary named Tor.exe (which is not Tor) to protect against this threat. Of course the page is false and the link is to a trojaned version of the software.

F-Secure has an entry about the new wave on it's weblog http://www.f-secure.com/weblog/archives/archive-092007.html#00001272

I guess it means Tor has now definitely gone mainstream!