Another "Storm" Wave ...
Follow up post/thread from http://forums.spybot.info/showthread...9490#post99490 ...
- http://isc.sans.org/diary.html?storyid=3063
Last Updated: 2007-06-28 23:33:56 UTC...
- http://preview.tinyurl.com/2g58ud
June 28, 2007 (Computerworld)...
- http://www.us-cert.gov/current/#new_...ariant_spreads
June 29, 2007
--------------------------------------
- http://asert.arbornetworks.com/2007/...tcard-malware/
June 29, 2007 ~ "...Pretend you actually clicked the link. What would happen? You’d possibly get your machine recruited into the Peacomm spam botnet. This handy diagram* shows you what happens once you hit the website. There’s some obfuscated JavaScript on the page which builds a link to /123.htm, a malicious ANI file (MS07-017), and other exploits - QuickTime, WinZIP, and WebViewFolderIcon - all to cajole your computer into downloading files and launching them. There’s also a link to “/ecard.exe”, a downloader... If you actually get hit, your box will ping the web server (/aff/cntr.php) start to download the Peacomm components, like /aff/dir/sony.exe , /aff/dir/logi.exe, and /aff/dir/pdp.exe..."
(*Diagram shown at the URL above.)
