Symantec Blogs: Security Response

Silas Barnes | February 12th, 2008

Following on from yesterday's EEG Web site hack, a collection of recently registered sites, hosted on blogspot.com, claim to have obtained an explicit video featuring Hong Kong actor Edison Chen and actress Cecilia Cheung.

When a user visits one of these sites, they are prompted to download "a new version of Video ActiveX Object" to play the video. Needless to say, the file setup.exe is not an update as claimed. Rather, it is a malicious file detected as Trojan.Zlob by Symantec antivirus products.

The malicious sites we have seen to date:
• edison-...

Silas Barnes | February 11th, 2008

As Valentine's Day approaches, we see the Storm team have made yet another change in an effort to further populate their army of bots. A subsection of their herd that have been hosting the Valentine's-related content now presents the visitor with one of eight randomly themed images and bestows upon them the gift of "valentine.exe," detected as either Trojan.Peacomm.D or Trojan.Peacomm.

The page serves up a random image file per visit (or refresh of the page), probably via some server-side scripting. A five second delay using a meta-refresh tag provides enough time to enjoy the image before being prompted to save the executable on the local system. A recent perusal of our spam trap continues to catch a large number of emails with a...

Silas Barnes | January 15th, 2008

Well, the holidays are over and people are now back working. Including the controllers of the Storm botnet.

Steven Adair of Shadowserver has confirmed that the recently festive Storm domains have now had their DNS records deactivated. This means that for those of us who have yet to go back to work, the malicious Christmas and New Year themed emails we may see in our inboxes are now less of a threat. However, we have seen this sort of behavior in the past and we should prepare ourselves for the next "infection run", as the deactivation of domains is often the result of the shifting of a threat rather than its cessation.

Security Researcher Nicholas Albright of the Digital Intelligence and Strategic Operations Group believes that the next infection wave will coincide with Valentines...