
Thread: Another "Storm" Wave ...

  1. #71
    Adviser Team AplusWebMaster's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    6,881

    New variant of I-Worm/Nuwar...

    Reference:

    AVG - AVI 270.4.9/ 1548
    - http://www.grisoft.com/us.news
    July 12, 2008
    "...new variant of I-Worm/Nuwar..."

    This -is- a variant of the Storm worm.

    Other AV defs to follow suit, if they haven't already. Check yours...

    The machine has no brain.
    ......... Use your own.
    Browser check for updates here.
    YOU need to defend against -all- vulnerabilities.
    Hacks only need to find -1- to get in...
    .

  2. #72
    Adviser Team AplusWebMaster

    Yet another variant of Storm...

    Once again - same stuff, SAME DAY:

    AVI 270.4.10/ 1549
    - http://www.grisoft.com/us.news
    July 12, 2008
    "...new variant of I-Worm/Nuwar..."

    This -is- yet another variant of the Storm worm.

    Other AV defs to follow suit, if they haven't already. Check yours, again...


  3. #73
    Adviser Team AplusWebMaster

    New malicious Storm Worm campaign: American currency

    FYI...

    New malicious Storm Worm campaign: American currency
    - http://securitylabs.websense.com/con...erts/3137.aspx
    07.22.2008 - "Websense... has discovered a new Storm Worm campaign around the theme of the U.S. credit crunch. We have detected a series of email subject lines used to entice users into downloading a Trojan. Here are a few examples of the subjects we have seen in this campaign:
    - The new currency is coming
    - Amero arrives
    - Amero currency Union is now the reality
    - The AMERO currency replacing the Dollar ...
    Clicking the link... directs users to a site laden with drive-by exploits inside of a script file... In typical Storm Worm fashion, infection success rate is highly dependent on the social engineering tactic employed and thus the malicious file in this campaign is appropriately named amero.exe."


  4. #74
    Adviser Team AplusWebMaster

    FYI...

    - http://www.us-cert.gov/current/#new_...vity_spreading
    July 29, 2008 - "US-CERT is aware of public reports of a new Storm Worm Campaign. The latest campaign is centered around messages related to the Federal Bureau of Investigation and Facebook. This Trojan horse virus is spread via an unsolicited email message that contains a link to a malicious website. This website contains a link, that when clicked, may run the executable file "fbi_facebook.exe" to infect the user's system with malicious code. Reports, including a posting by Sophos*, indicate the following email subject lines are being used. Please note that subject lines can change at any time.
    - F.B.I. may strike Facebook
    - F.B.I. watching us
    - The FBI's plan to "profile" Facebook
    - The FBI has a new way of tracking Facebook
    - F.B.I. are spying on your Facebook profiles
    - F.B.I. busts alleged Facebook
    - Get Facebook's F.B.I. Files
    - Facebook's F.B.I. ties
    - F.B.I. watching you ..."
    * http://www.sophos.com/security/blog/2008/07/1599.html

    - http://www.f-secure.com/weblog/archives/00001475.html
    July 28, 2008

    - http://www.virustotal.com/analisis/c...89ff53f0499231
    07.28.2008 - Result: 17/35 (48.57%)

    - http://www.fbi.gov/pressrel/pressrel...worm073008.htm
    July 30, 2008

    Last edited by AplusWebMaster; 2008-07-31 at 12:04. Reason: Added F-secure, Virustotal, and FBI links...

  5. #75
    Adviser Team AplusWebMaster

    FYI...

    - http://blog.trendmicro.com/storm-uses-old-bait/
    August 5, 2008 - "The Storm gang is casting its net once again — using “postcards” as bait in a recently discovered spam run... Clicking the link embedded in the message connects the user to any of the following domains:
    * hxxp:// {BLOCKED}cardAdvertising.com/
    * hxxp:// {BLOCKED}ettercard.com/
    * hxxp:// {BLOCKED}ostcardArt.com/
    * hxxp:// {BLOCKED}ostcardmail.com
    * hxxp:// {BLOCKED}reetingcard.com/
    * hxxp:// {BLOCKED}stcardOnline.com/
    * hxxp:// {BLOCKED}ttercard.com/
    ...When the abovementioned page loads, an auto-redirect occurs after 3 seconds, prompting the user to download a file named postcard.exe... The same file, postcard.exe, is also downloaded if the user clicks on the link save it on the Web page. postcard.exe is detected as TROJ_NUWAR.DDJ... it is plausible that the Storm gang is using this constant change in technique to evade spam and URL filtering blocking. Storm has been known to constantly change its employed social engineering technique, the most recent ones being news of terrorists on social networking networks, economic issues, and fake videos of popular celebrities..."

    (Screenshots available at the Trendmicro URL above.)

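A defender-side triage sketch for the landing-page behaviour quoted in the posts above (a timed auto-redirect to postcard.exe, and pages linking straight to files such as amero.exe or fbi_facebook.exe). This is an added example, not part of the thread or of any vendor's tooling. It assumes the redirect is an HTML meta refresh, which the quoted reports do not specify; script-driven redirects are not covered, and the sample page is constructed.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Extensions flagged when a page pushes them at the visitor (assumed list).
EXEC_EXT = (".exe", ".scr", ".pif")

def _is_executable(url):
    """True if the URL path (query string ignored) ends in a flagged extension."""
    return urlparse(url.strip()).path.lower().endswith(EXEC_EXT)

class LandingPageScanner(HTMLParser):
    """Collects timed redirects and links that lead straight to an executable."""

    def __init__(self):
        super().__init__()
        self.findings = []  # tuples of (kind, delay_seconds_or_None, url)

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            # content has the form "3; url=postcard.exe"
            m = re.match(r"\s*(\d+)\s*[;,]\s*(?:url\s*=\s*)?['\"]?([^'\"]+)",
                         a.get("content", ""), re.I)
            if m and _is_executable(m.group(2)):
                self.findings.append(
                    ("timed-redirect", int(m.group(1)), m.group(2).strip()))
        elif tag == "a" and _is_executable(a.get("href", "")):
            self.findings.append(("exe-link", None, a["href"].strip()))

def scan(html):
    """Return the findings for one HTML document."""
    scanner = LandingPageScanner()
    scanner.feed(html)
    return scanner.findings

# Constructed sample modelled on the quoted description; not a captured page.
SAMPLE = """<html><head>
<meta http-equiv="Refresh" content="3; url=postcard.exe">
</head><body>
<p>Your postcard is loading. If nothing happens,
<a href="/postcard.exe?id=1">save it</a>.</p>
<a href="about.html">About</a>
</body></html>"""

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

Because the file names and subject lines changed with every campaign, the structural signal (a page that hands the visitor an executable without being asked) ages better than matching on `postcard.exe` itself.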
