
New Storm Variant - Greeting E-cards With Hostile Links



#1 harrywaldron


Posted 28 June 2007 - 06:06 PM

A new Storm (aka Nuwar, Tibs) email variant has started circulating. This virus family can generate significant volumes of SPAM with URLs that can automatically download and install malware. Most likely, some of the hostile links will be shut down as discovered.

ISC: Riding out yet Another Storm Wave
http://isc.sans.org/diary.html?storyid=3063

Sadly you won't need a surf board for this one. Just to give you a heads up, there is a new round of emails with malicious links that is making its way to the inbox of many folks. If you haven't gotten one yet, just give it time.



VERY LIMITED PROTECTION: AV vendors are adding this new variant


========================
SAMPLE OF EMAIL MESSAGE
========================

Subject: You've received a postcard from a family member!

Message: May have following text with hostile URLs

--------
OPTION 1
--------

Click on the following Internet address or copy & paste it into your browser's address box.  <URL removed>

--------
OPTION 2
--------
Copy & paste the ecard number in the "View Your Card" box at <URL removed>




#2 harrywaldron


Posted 29 June 2007 - 12:51 PM

Example of the new Storm Worm variant from my in-box ... Please do not click on the numerical IP addresses found in Option 1 or 2 URLs. If you select these, you will get a malware infection that is very difficult to clean.

From: "americangreetings.com" [REMOVED]   

To: harry@.... 

Subject: You've received a postcard from a family member! 

Date: Thu, 28 Jun 2007 20:40:01 -0700 


Good day.

Your family member has sent you an ecard from americangreetings.com.

Send free ecards from americangreetings.com with your choice of colors, words and music.

Your ecard will be available with us for the next 30 days. If you wish to keep the ecard longer, you may save it on your computer or take a print.

To view your ecard, choose from any of the following options:

--------
OPTION 1
--------

Click on the following Internet address or copy & paste it into your browser's address box.

http://[REMOVED]/?ee7c634591933434671c16a2e59b1

--------
OPTION 2
--------

Copy & paste the ecard number in the "View Your Card" box at http://[REMOVED]/

Your ecard number is ee7c634591933434671c16a2e59b1

Best wishes,
Postmaster,
americangreetings.com
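
The two traits visible in the sample message above (links whose host is a numerical IP address, and a sender display name that is a brand domain) can be checked mechanically at a mail gateway. The following is an added example, not part of the original posts; the sender address, recipient and the 192.0.2.10 host are constructed placeholders, and the function names are hypothetical.

```python
import email
import ipaddress
import re
from email import policy
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
DOMAIN_RE = re.compile(r"^[a-z0-9-]+(\.[a-z0-9-]+)+$", re.IGNORECASE)

# Constructed sample modelled on the message in the post. The sender address,
# recipient and 192.0.2.10 (RFC 5737 documentation range) are placeholders.
SAMPLE = """\
From: "americangreetings.com" <sender@example.net>
To: user@example.org
Subject: You've received a postcard from a family member!

Click on the following Internet address or copy & paste it into your browser.
http://192.0.2.10/?ee7c634591933434671c16a2e59b1
Copy & paste the ecard number in the "View Your Card" box at http://192.0.2.10/
Help pages: http://www.example.com/help
"""

def ip_literal_urls(text):
    """Return URLs whose host is a bare IPv4/IPv6 address instead of a name."""
    hits = []
    for url in URL_RE.findall(text):
        try:
            ipaddress.ip_address(urlsplit(url).hostname or "")
        except ValueError:
            continue  # named host (or unparsable URL): not an IP literal
        hits.append(url)
    return hits

def assess(raw_message):
    """Flag the two traits seen in the sample: IP links, brand-like display name."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    sender = msg["From"].addresses[0]
    name = sender.display_name.strip()
    return {
        "ip_urls": ip_literal_urls(body.get_content() if body else ""),
        # Display name is itself a domain, but mail comes from a different one.
        "display_name_mismatch": bool(DOMAIN_RE.match(name))
        and not sender.domain.lower().endswith(name.lower()),
    }

if __name__ == "__main__":
    print(assess(SAMPLE))
```

Either flag alone is a weak signal; together with an e-card subject line they match the pattern shown in this thread and are reasonable grounds to quarantine the message for review.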




