Reference:
AVG - AVI 270.4.9/ 1548
- http://www.grisoft.com/us.news
July 12, 2008
"...new variant of I-Worm/Nuwar..."
This -is- a variant of the Storm worm.
Other AV defs to follow suit, if they haven't already. Check yours...
The machine has no brain.
......... Use your own.
Browser check for updates here.
YOU need to defend against -all- vulnerabilities.
Hacks only need to find -1- to get in...
.
Once again - same stuff, SAME DAY:
AVI 270.4.10/ 1549
- http://www.grisoft.com/us.news
July 12, 2008
"...new variant of I-Worm/Nuwar..."
This -is- yet another variant of the Storm worm.
Other AV defs to follow suit, if they haven't already. Check yours, again...
FYI...
New malicious Storm Worm campaign: American currency
- http://securitylabs.websense.com/con...erts/3137.aspx
07.22.2008 - "Websense... has discovered a new Storm Worm campaign around the theme of the U.S. credit crunch. We have detected a series of email subject lines used to entice users into downloading a Trojan. Here are a few examples of the subjects we have seen in this campaign:
- The new currency is coming
- Amero arrives
- Amero currency Union is now the reality
- The AMERO currency replacing the Dollar ...
Clicking the link... directs users to a site laden with drive-by exploits inside of a script file... In typical Storm Worm fashion, infection success rate is highly dependent on the social engineering tactic employed and thus the malicious file in this campaign is appropriately named amero.exe."
FYI...
- http://www.us-cert.gov/current/#new_...vity_spreading
July 29, 2008 - "US-CERT is aware of public reports of a new Storm Worm Campaign. The latest campaign is centered around messages related to the Federal Bureau of Investigation and Facebook. This Trojan horse virus is spread via an unsolicited email message that contains a link to a malicious website. This website contains a link, that when clicked, may run the executable file "fbi_facebook.exe" to infect the user's system with malicious code. Reports, including a posting by Sophos*, indicate the following email subject lines are being used. Please note that subject lines can change at any time.
- F.B.I. may strike Facebook
- F.B.I. watching us
- The FBI's plan to "profile" Facebook
- The FBI has a new way of tracking Facebook
- F.B.I. are spying on your Facebook profiles
- F.B.I. busts alleged Facebook
- Get Facebook's F.B.I. Files
- Facebook's F.B.I. ties
- F.B.I. watching you ..."
* http://www.sophos.com/security/blog/2008/07/1599.html
- http://www.f-secure.com/weblog/archives/00001475.html
July 28, 2008
- http://www.virustotal.com/analisis/c...89ff53f0499231
07.28.2008 - Result: 17/35 (48.57%)
- http://www.fbi.gov/pressrel/pressrel...worm073008.htm
July 30, 2008
Last edited by AplusWebMaster; 2008-07-31 at 11:04. Reason: Added F-secure, Virustotal, and FBI links...
FYI...
- http://blog.trendmicro.com/storm-uses-old-bait/
August 5, 2008 - "The Storm gang is casting its net once again — using “postcards” as bait in a recently discovered spam run... Clicking the link embedded in the message connects the user to any of the following domains:
* hxxp:// {BLOCKED}cardAdvertising.com/
* hxxp:// {BLOCKED}ettercard.com/
* hxxp:// {BLOCKED}ostcardArt.com/
* hxxp:// {BLOCKED}ostcardmail.com
* hxxp:// {BLOCKED}reetingcard.com/
* hxxp:// {BLOCKED}stcardOnline.com/
* hxxp:// {BLOCKED}ttercard.com/
...When the abovementioned page loads, an auto-redirect occurs after 3 seconds, prompting the user to download a file named postcard.exe... The same file, postcard.exe, is also downloaded if the user clicks on the link save it on the Web page. postcard.exe is detected as TROJ_NUWAR.DDJ... it is plausible that the Storm gang is using this constant change in technique to evade spam and URL filtering blocking. Storm has been known to constantly change its employed social engineering technique, the most recent ones being news of terrorists on social networking networks, economic issues, and fake videos of popular celebrities..."
(Screenshots available at the Trendmicro URL above.)
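A defender-side check for the landing-page behaviour in the Trend Micro report above (a timed auto-redirect to postcard.exe plus a manual download link), added here as an example and not taken from this thread or from any vendor. It assumes the redirect is an HTML meta refresh; the function names, extension list and sample pages are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: file extensions treated as executable downloads.
EXECUTABLE_EXT = (".exe", ".scr", ".pif")
# Parses a meta-refresh value such as "3; url=postcard.exe".
REFRESH_RE = re.compile(r"^\s*(\d+)\s*[;,]\s*(?:url\s*=\s*)?['\"]?([^'\"]+)", re.I)

def is_executable_url(url):
    """True when the URL path (query string ignored) ends in an executable extension."""
    try:
        path = urlparse(url.strip()).path
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return False
    return path.lower().endswith(EXECUTABLE_EXT)

class DownloadLureScanner(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}  # valueless attributes arrive as None
        if tag == "meta" and a.get("http-equiv", "").lower() == "refresh":
            m = REFRESH_RE.match(a.get("content", ""))
            if m and is_executable_url(m.group(2)):
                self.findings.append(("auto-redirect", int(m.group(1)), m.group(2).strip()))
        elif tag == "a" and is_executable_url(a.get("href", "")):
            self.findings.append(("link", None, a["href"].strip()))

def scan_page(html):
    """Return (kind, delay_seconds, target) tuples for one HTML document."""
    scanner = DownloadLureScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample pages, not captured from the campaign.
SAMPLE_LURE = """<html><head>
<meta http-equiv="refresh" content="3; url=postcard.exe">
</head><body><p>Your postcard is loading.
If nothing happens, <a href="/postcard.exe?id=1">save it</a>.</p>
<a href="/help.html">Help</a></body></html>"""
SAMPLE_BENIGN = """<html><head><meta http-equiv="refresh" content="300; url=/news.html">
</head><body><a href="/docs/setup.exe.html">Installer notes</a></body></html>"""

if __name__ == "__main__":
    print(scan_page(SAMPLE_LURE))
```

The check keys on the download behaviour rather than on the subject line or file name, since both change from one campaign to the next.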