One of the Storm gang's trademarks during their 18-month lifespan has been that they are very creative and topical in their social engineering lures (1, 2, 3, etc.). The latest variant is an email that arrives in your inbox talking about a violent earthquake in Beijing.
If you click on the link you land on a page that appears to contain a video of these tragic events, but clicking to play the video prompts you to download and run a file called beijing.exe, which of course is not a video at all but the Storm trojan.
One thing that makes it a bit harder for a user to recognize this as Storm is that the links point to registered domain names instead of raw IP addresses. This is not new for Storm, but it is unusual, as most of their links point directly to the IP addresses of infected hosts. So far we have seen the following domains being used, and all of them are fast-fluxing (their DNS records rotate rapidly through the addresses of infected hosts, so blocking any single IP address achieves little):

biztech-co.cn
fconnorlaw.cn
ratedhot.cn
pacoast.cn
cadeaux-avenue.cn
tellicolakerealty.cn
activeware.cn
grupogaleria.cn
polkerdesign.cn

The first time we saw Storm was when they sent out emails about violent storms sweeping through Europe; that is why we named it Storm. At the time there actually were storms going through Europe. The earthquake in Beijing, fortunately, has not happened. Speaking of Beijing and Storm, we still expect Storm, and other malware, to use the Olympic Games in August as a social engineering hook, so be on the lookout for those in a few weeks.

On 19/06/08 At 05:56 AM