0 Replies Latest reply on Jun 3, 2008 2:02 PM by HarryWaldron

    New Storm Worm - Avoid selecting URLs in unexpected email

      Like many of the past attacks, avoid email messages with the theme of "Crazy Love" or a website that is titled "Love Riddles". These tactics are used by the latest version of the Storm Worm.

      New Stormworm download site
      http://isc.sans.org/diary.html?storyid=4516
      http://sunbeltblog.blogspot.com/2008/06/new-storm-tactic.html

      New "Love Riddles" site
      http://www.sunbelt-software.com/ihs/alex/storming2231.PNG

      QUOTE: DavidF brought a new storm worm download site to our attention, which is being spammed out with a message that states:

      “Crazy in love with you” *** Malicious URL Removed ***

      I checked that site and could only find an index.html, lr.gif and loveyou.exe. lr.gif is a gif file that says “love riddles”. Index.html encourages visitors to run loveyou.exe by asking ‘Who is loving you? Do you want to know? Just click here and choose either “Open” or “Run”’. loveyou.exe is a version of Trojan.Peacom.D (aka Stormworm).