 Storm Worm Valentine's Day Update |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.  |
 Feb 11 2008, 02:15 PM
Post
#1
|
|
 Bleepin' Janitor  Group: Global Moderator Posts: 14,074 Joined: 9-July 05 From: Virginia, USA Member No.: 26,513  |
QUOTE As could be expected, Storm Worm has once again undergone another change as Valentine's Day is approaching. Fresh with 8 different rotating Valentine's Day images and a new executable named valentine.exe (may sound familiar), the Storm Worm may be gearing up for a new round of assaults on inboxes... http://www.shadowserver.org/wiki/pmwiki.ph...lendar.20080210 screenshots available in the above link -------------------- "THE BAD GUYS DON'T NEED A SEARCH WARRANT. ARE YOU PROTECTED?"
Microsoft MVP - Windows Security 2007-2009  |
 |
 
|
 Feb 13 2008, 12:44 PM
Post
#2
|
|
 Security Reporter Group: News Reporters Posts: 493 Joined: 10-April 04 From: Roanoke, Virginia Member No.: 107 |
Thanks Quietman ... More links below related to latest attacks ...
 After some "test runs" in early February, new waves of the Storm worm are now surfacing using Valentine's Day themes. These spammed email messages are designed to trick individuals into visiting the malicious websites (uses numeric IP addresses and lacks more detailed personalization that one would find in true e-cards sent this time of year). If the associated EXE file lurking on the website is opened, the malware can automatically install silently on the system. This new wave of attacks is not well detected by AV products, as the malware agent is being constantly changed each hour automatically. Avoid these emails completely, so you don't end up broken-hearted on Valentine's Day   Storm Worm - Valentines Day e-card Attackshttp://www.avertlabs.com/research/blog/ind...alentine-nuwar/ http://www.f-secure.com/weblog/archives/00001377.html http://blog.trendmicro.com/storm-sure-loves-everybody/ http://isc.sans.org/diary.html?storyid=3979 http://asert.arbornetworks.com/2008/02/new...s-day-campaign/ http://uploadmalware.blogspot.com/2008/02/...-it-begins.html QUOTE: With Valentine’s Day coming this week, we have seen a new wave of Nuwar spamming this Monday evening, amounting to more than 20 variants in a couple of hours. Detection for these variants from major AV vendors was near nonexistent, as the Nuwar writer is using a new compiler this time to bypass detection. While we saw the Valentine’s day campaign start in January, it’s morphed. This time using the following approaches (some old, some new) -- raw IP addresses in the spam lures -- the filename is now “valentine.exe”, using a redirect and a clickable link -- much more simple HTML websites -- subjects include “Blind Love”, “Just You” and other warm fuzzy subjects -- rapidly changing MD5 hashes -- poor AV detection EXAMPLE TO AVOID Subject: Sweetest Things Aren't Things! Date: Mon, 11 Feb 2008 13:13:58 +0900 From: REMOVED To: Susan Text: Love Poem: (Malicous Numeric IP address removed) -------------------- |
|
|
|
|
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 9th January 2009 - 07:53 AM |
© 2003-2008 All Rights Reserved Bleeping Computer LLC.