FYI...
- http://blog.trendmicro.com/storm-now-on-video/
April 8, 2008 - "...only days after re-professing its love to unsuspecting users via blog pages, the Storm malware is at it again, this time posing as a video codec. TrendLabs researchers discovered several sites that offer, what looks like, a YouTube-look-alike streaming video. The infection vector and messaging is actually still the same, that is, users are most likely to access this site via links on specially crafted, love-themed blogs. What is interesting this time is that on the said site, users are required to download the so-called Storm Codec in order to view the said video. Yes, you read that right: the codec is called Storm Codec... Is that blatant enough? Of course, the said “codec” is actually a NUWAR/Storm variant, which Trend Micro already detects as WORM_NUWAR.JQ... If the social engineering tactic of using video codecs is familiar, it’s because it is — ZLOB Trojans became infamous because of it... the Storm gang’s attempt to venture into the said codec “business” has our researchers speculating whether they are now in cahoots with the ZLOB authors, or that they are trying to take over ZLOB’s niche, much like they did with STRATION when the two first started battling it out late 2006..."
(Screenshot available at the URL above.)