Dude, what if your wife finds this?!
The latest Storm run is now using HTTP and fake URLs.
This is actually good news for us, because most spam filters will catch it. Turning off 'html display' in your email client will help you identify tricks like this, where the visible link text is a YouTube URL but the href points to a bare IP address:
Subject: Dude, what if your wife finds this?
From: <laura@trisection.com>
Content-Type: text/html;charset=windows-1252
Content-Transfer-Encoding: 7BIT
Message-Id: <1IP0UT-000TG6-8G@wfvy>
Sender: User guzjxoepu <guzjxoepu@wfvy>
Date: Sun, 26 Aug 2007 03:36:09 +0900

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"><html><body>OMG, what are you doing man. This video of you is all over the net. take a look, lol... <a href="http://xx.xx.x.xxx/">http://www.youtube.com/watch?v=12xM6esvMXs</a></body></html>
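The mismatch in the message above (link text showing a YouTube URL, href pointing at a bare IP address) can be checked mechanically on the mail gateway or during triage. The following is an added example, not code from the original post; the function and class names are hypothetical, and 192.0.2.10 is a constructed documentation address standing in for the redacted one.

```python
import ipaddress
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample; 192.0.2.10 (documentation range) replaces the redacted address.
SAMPLE_BODY = '<a href="http://192.0.2.10/">http://www.youtube.com/watch?v=12xM6esvMXs</a>'

def host_of(url):  # lowercased hostname of a URL string, or None if it has none
    try:
        return (urlsplit(url.strip()).hostname or "").lower() or None
    except ValueError:
        return None

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

class LinkAuditor(HTMLParser):  # pairs each <a href> with its visible text
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.href, self.text, self.findings = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag != "a" or self.href is None:
            return
        shown = "".join(self.text).strip()
        shown_host, target_host = host_of(shown), host_of(self.href)
        reasons = []
        if target_host and is_ip_literal(target_host):
            reasons.append("href is a bare IP address")
        if shown_host and target_host and shown_host != target_host:
            reasons.append("text shows %s but href is %s" % (shown_host, target_host))
        if reasons:
            self.findings.append({"shown": shown, "href": self.href, "reasons": reasons})
        self.href = None

def audit_links(html_body):
    auditor = LinkAuditor()
    auditor.feed(html_body)
    auditor.close()
    return auditor.findings
```

Link text without a scheme (for example a bare `www.youtube.com`) has no parseable hostname here and is only caught by the bare-IP rule.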
The latest run uses video.exe and displays a static YouTube logo. All ecard.exe, msdataaccess.exe and applet.exe requests will result in a 404 error.
In other news:
We are now submitting our Stormworm IP feeds to Bleeding Edge Threats and Comcast Communications, as well as various private mailing lists and a law enforcement group.
We have captured over 25,000 unique malicious files related to this malware.
Other ISPs are starting to respond to our notifications.
US-CERT has issued the following notice:
US-CERT is aware of several new propagation techniques being used by the Storm Worm Trojan to spread. The new variants arrive as either an email message claiming to contain a link to adult pictures, or as credentials for a membership-based website, asking you to login to change your temporary ID and password. The messages contain links to malicious websites that when visited, install malware on the user's system.
US-CERT urges users and administrators to take the following preventative measures to mitigate the security risks:
* Do not follow unsolicited links.
* Configure your web browser as described in the Securing Your Web Browser document.
* Install anti-virus software, and keep its virus signature files up-to-date.
* Refer to the Recognizing and Avoiding Email Scams document for more information on avoiding email scams.
* Refer to the Avoiding Social Engineering and Phishing Attacks document for more information on social engineering attacks.
UPDATE: SANS ISC post
