European Storm Video E-mail With Trojan


6 replies to this topic

#1 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,122 posts

Posted 19 January 2007 - 01:57 PM

...received an e-mail with the subject "230 dead as storm batters Europe". It includes an attachment "Video.exe"...Nothing new to have a disaster followed up by a simple e-mail virus claiming to be a video of the event. However, this one came a bit faster than normal it seems...

http://isc.sans.org/diary.html?storyid=2071

It's been reported that the file names are changing as well as the subject. Be careful with those emails folks.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


 


#2 quietman7

Posted 20 January 2007 - 07:27 AM

Another trojan run by the Storm Worm gang.

A modified version of the Trojan, with different news items in the subject field, is detected as Trojan-Downloader.Win32.Agent.bet.

'Storm Worm' Sweeps Into U.S.

#3 DASOS

DASOS

    Malware hunter


  • Security Colleague
  • 1,662 posts
  • Location:Greece loutraki 6 km from korinth canal

Posted 20 January 2007 - 03:56 PM

You won't believe it guys, I didn't:

What you have written today about that Trojan was a headline on the main [Greek government TV news channel] today. :thumbsup: Unbelievable!!

http://news.ert.gr/CatNews.asp?catid=6

http://news.ert.gr/newsDetails.asp?id=285640 <-- article

with that link from F-Secure:

http://www.ert.gr/hotlinks.asp?id=http://www.f-secure.com/

Stelios :flowers:

#4 quietman7


Posted 21 January 2007 - 09:46 AM

1/21/07:

Update on Sunday: Another run. This time with a different theme included in the subjects:
New filenames include Flash Postcard.exe

http://www.f-secure.com/weblog/archives/ar...7.html#00001088

#5 quietman7


Posted 22 January 2007 - 05:40 AM

Storm Worm starts to use Rootkit techniques

These variants are now detected as W32/Stormy.AB and Trojan-Downloader.Win32.Agent.bet

http://www.f-secure.com/weblog/archives/ar...7.html#00001089

#6 quietman7


Posted 23 January 2007 - 07:42 AM

The threat continues to evolve. Symantec has an update on what they call Trojan.Peacomm.

...The bot machines are now communicating over UDP port 7871, instead of port 4000...the new version of the threat has fully fledged rootkit capabilities, albeit not very sophisticated...It is now capable of hiding several files and registry keys by hooking several kernel functions and patching the tcpip.sys system driver to hide its ports from commands, such as netstat -o or netstat -b....

symantec.com/weblog
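Added example, not part of the original post or of Symantec's write-up: since the quoted update says the rootkit hides its ports from netstat on the infected machine, the traffic is better looked for from the network side. The sketch below scans flow records for internal hosts exchanging UDP on the two ports named above (4000 and 7871) with several distinct external peers; the log format, the internal range, the peer threshold and the sample records are all constructed assumptions.

```python
import ipaddress
from collections import defaultdict

# UDP ports named in the quoted update: 4000 (earlier variant), 7871 (newer).
PEACOMM_UDP_PORTS = {4000, 7871}

# Constructed sample records (assumed format):
# timestamp proto src_ip src_port dst_ip dst_port
SAMPLE_FLOWS = """\
2007-01-23T08:00:01 UDP 10.0.0.15 7871 198.51.100.7 7871
2007-01-23T08:00:02 UDP 10.0.0.15 7871 192.0.2.44 7871
2007-01-23T08:00:03 UDP 203.0.113.9 7871 10.0.0.15 7871
2007-01-23T08:00:04 UDP 10.0.0.15 7871 198.51.100.7 7871
2007-01-23T08:00:05 UDP 10.0.0.22 1042 198.51.100.80 4000
2007-01-23T08:00:06 UDP 10.0.0.30 1055 192.0.2.53 53
2007-01-23T08:00:07 TCP 10.0.0.31 1060 192.0.2.99 4000
2007-01-23T08:00:08 UDP 10.0.0.15 7871 10.0.0.22 7871
this line is malformed
"""

def parse_flow(line):
    """Split one record; raises ValueError on a malformed line."""
    ts, proto, src, sport, dst, dport = line.split()
    return (proto.upper(), ipaddress.ip_address(src), int(sport),
            ipaddress.ip_address(dst), int(dport))

def suspect_hosts(flow_text, internal_net="10.0.0.0/8", min_peers=3):
    """Map each internal host to its external peers on the watched UDP ports,
    keeping only hosts with at least min_peers distinct peers."""
    net = ipaddress.ip_network(internal_net)
    peers = defaultdict(set)
    for line in flow_text.splitlines():
        try:
            proto, src, sport, dst, dport = parse_flow(line)
        except ValueError:
            continue  # skip blank or malformed records
        if proto != "UDP" or not ({sport, dport} & PEACOMM_UDP_PORTS):
            continue
        # Count a peer in either direction, but only across the network edge.
        if src in net and dst not in net:
            peers[src].add(dst)
        elif dst in net and src not in net:
            peers[dst].add(src)
    return {str(host): [str(p) for p in sorted(found)]
            for host, found in peers.items() if len(found) >= min_peers}

if __name__ == "__main__":
    for host, found in suspect_hosts(SAMPLE_FLOWS).items():
        print(host, "->", ", ".join(found))
```

A single flow on port 4000 is common for unrelated software, which is why the sketch keys on the number of distinct external peers rather than on the port alone.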

#7 quietman7


Posted 24 January 2007 - 08:08 AM

'Storm' Trojan Hits 1.6 Million PCs; Vista May Be Vulnerable

The goal of the Trojan seems to be to acquire a large botnet, or collection of compromised PCs, that can be used to send traditional scam spams or for later identity mining...The Trojan horse that began spreading Friday has attacked at least 1.6 million PCs...In addition, it appears that Windows Vista...is vulnerable to the attack...





