Friday, December 28, 2007

New Year, Recycled Greeting Cards

The Storm authors have made up for their lack of creativity by registering a bunch of domains and quickly changing the filename. Additionally, a false filename has been added as a comment in the HTML source:
Your download should begin shortly. If your download does not start in
approximately 15 seconds,<br>
you can <!-- a href="fck2008.exe" !--><script language="javascript">
<!-- a href="fck2009.exe" -->
document.write( unescape(
'%3C%61%20%68%72%65%66%3D%22%68%61%70%70%79%6E%65%77%79%65%61%72%32%30%30%38%2E%65%78%65%22%3E'
) );
Once unescaped, the JavaScript actually writes:
<a href="happynewyear2008.exe">
This was probably done in an attempt to identify automated scripts that parse the page for links, then crawl those links.
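An added example (not from the original post) of a static link extractor for a malware-collection crawler. It ignores commented-out hrefs and decodes `document.write(unescape('...'))` literals, so it follows only the link a browser would render. It assumes Node.js; `classifyLinks` is a hypothetical name, and the sample's closing `</script>` and link text are constructed.

```javascript
// Constructed sample mirroring the page's snippet; the closing </script>
// and the "click here</a>" text are assumptions added to make it complete.
const SAMPLE = [
  'you can <!-- a href="fck2008.exe" !--><script language="javascript">',
  '<!-- a href="fck2009.exe" -->',
  "document.write( unescape(",
  "'%3C%61%20%68%72%65%66%3D%22%68%61%70%70%79%6E%65%77%79%65%61%72%32%30%30%38%2E%65%78%65%22%3E'",
  ") );",
  "</script>click here</a>",
].join("\n");

const HREF = /href\s*=\s*["']([^"']+)["']/gi;
const hrefs = (s) => [...s.matchAll(HREF)].map((m) => m[1]);

// Hypothetical helper: split hrefs into those a browser would render
// ("live") and those only a naive regex scraper would see ("decoys").
function classifyLinks(html) {
  // What a naive crawler collects: every href in the raw bytes.
  const naive = hrefs(html);

  // Separate script bodies from markup; script text is never rendered as HTML.
  const scripts = [];
  const markup = html.replace(
    /<script\b[^>]*>([\s\S]*?)<\/script>/gi,
    (_, body) => { scripts.push(body); return ""; }
  );

  // Rendered markup: HTML comments contribute no links.
  let rendered = markup.replace(/<!--[\s\S]*?-->/g, "");

  // Statically decode string literals passed to document.write(unescape(...)).
  // Nothing from the page is executed; only the literal is percent-decoded.
  const WRITE =
    /document\.write\s*\(\s*unescape\s*\(\s*(['"])([\s\S]*?)\1\s*\)\s*\)/g;
  for (const body of scripts) {
    for (const m of body.matchAll(WRITE)) rendered += unescape(m[2]);
  }

  const live = [...new Set(hrefs(rendered))];
  const decoys = [...new Set(naive)].filter((h) => !live.includes(h));
  return { live, decoys };
}

console.log(classifyLinks(SAMPLE));
```

A crawler that requests anything in `decoys` has identified itself as automated to whoever reads the server logs.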

The following domains are still active (the other domains registered through ESTDOMAINS were suspended December 28th):

serving the following files:
happynewyear2008.exe
happy_2008.exe
sony.exe
