Symantec Blogs: Security Response

Vikram Thakur | June 18th, 2008

Some advice for the day: don't click on every link in your email. It looks like the Peacomm (Storm) authors have decided to use past and future events in China as lures for their latest creation. A new spam run is in progress with links to a file called "beijing.exe," which is currently detected by Symantec as Trojan.Peacomm.D.

Some of the subject lines we've seen so far are:

The most powerful quake hits China
Countless victims of earthquake in China
Death toll in China is growing
Recent earthquake in china took a heavy toll
Recent china earthquake kills million
China is paralyzed by new earthquake
Death toll in China exceeds 1000000
A new powerful disaster in China
A new deadly catastrophe in China
2008 Olympic Games are under the threat

...

Vikram Thakur | May 5th, 2008

No sooner had various agencies commented on the reduction of the size of the Storm network than we started seeing signs of another wave of malware in the offing. We are currently tracking some fast-flux domains related to Trojan.Peacomm (a.k.a. Storm). These domains were registered just a few days ago. Simply visiting the sites presents the user with a blank page; however, modifying the URLs to access a specific file runs a script which attempts to exploit several different vulnerabilities. Some of the vulnerabilities targeted are Bugtraq IDs 20047, 28157, 23224, 27533 and...

Vikram Thakur | December 27th, 2007

It's been less than 24 hours since the former Prime Minister of Pakistan was assassinated. As expected, the malware authors and distributors have already begun exploiting the morbid curiosity about Benazir Bhutto's death as a lure to spread their malice.

A simple search with terms such as "pakistan prime minister assassination" yields results that include pages like the one shown below:

bhutto_youtube.gif

As some would expect, clicking on some of these links brings up the old (technique-wise, at least) ActiveX installation message box:

bhutto_activex.gif

The problem with many of these links is that the ActiveX object is malicious. For example, following the link in the...

Vikram Thakur | October 15th, 2007

The new Storm worm variants being seen these days have yet again evolved and are gaining strength. Well, at least in encryption technology. The P2P UDP packets (made up of the header and payload) are now encrypted using a 40-byte key. As our friends at Secure Works pointed out here, this is definitely good news for network administrators who have to deal with legitimate P2P Overnet traffic: once the Storm packets no longer look like plaintext Overnet, the two can be told apart on the wire. Here are some snapshots showing the P2P traffic before and after encryption.


Before

...
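To make the "good news for network administrators" point concrete, here is an added example (not code from the original post, Symantec or Secure Works) of how a flow of UDP payloads can be sorted into plaintext Overnet, Storm-style encrypted Overnet, and everything else. Two things are assumptions, because the post does not state them: that legitimate Overnet/eDonkey UDP packets begin with the protocol marker byte 0xE3, and that the Storm scheme is a repeating-key XOR with a 40-byte key. The key and the sample packets below are constructed for the demonstration. The interesting part is the second classification: a repeating-key XOR of packets that all share a known first byte leaks key[0], so if XORing every packet's first byte with 0xE3 gives the same value across the flow, you are almost certainly looking at encrypted Overnet rather than random or unrelated traffic.

```python
import random

OVERNET_PROTO = 0xE3   # assumed eDonkey/Overnet protocol marker (assumption, see lead-in)
KEY_LEN = 40           # key length reported in the post; XOR is an assumption


def xor_repeating(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR. The same call both encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def looks_like_overnet(pkt: bytes) -> bool:
    """Header check a plaintext-Overnet classifier would apply per packet."""
    return len(pkt) >= 2 and pkt[0] == OVERNET_PROTO


def recover_key_byte(pkts, offset: int, known_byte: int):
    """Known-plaintext recovery of one key position.

    If every packet in the flow carries `known_byte` at `offset` in the
    plaintext, then ciphertext[offset] ^ known_byte is key[offset] for
    all of them. A single consistent value across the flow is returned;
    disagreement means the assumption does not hold for this traffic.
    """
    candidates = {p[offset] ^ known_byte for p in pkts if len(p) > offset}
    return candidates.pop() if len(candidates) == 1 else None


def classify_flow(pkts) -> str:
    """Classify a flow of UDP payloads between one endpoint pair.

    'overnet'   : every packet carries the plaintext Overnet marker.
    'xor-storm' : no marker, but the first byte of every packet XORs with
                  the marker to the same value (a fixed key[0]), which is
                  the fingerprint of repeating-key XOR over Overnet packets.
    'other'     : anything else (random payloads, different protocol, ...).
    """
    if len(pkts) < 3:
        return "other"                      # too few packets to judge
    if all(looks_like_overnet(p) for p in pkts):
        return "overnet"
    if recover_key_byte(pkts, 0, OVERNET_PROTO) is not None:
        return "xor-storm"
    return "other"


def make_overnet_packet(rng: random.Random, opcode: int, length: int) -> bytes:
    """Constructed plaintext packet: marker, opcode, then filler payload."""
    body = bytes(rng.randrange(256) for _ in range(length - 2))
    return bytes([OVERNET_PROTO, opcode]) + body


def sample_flows():
    """Constructed sample data: a made-up key and three small flows."""
    rng = random.Random(2008)
    # Made-up 40-byte key; key[0] is pinned non-zero so the ciphertext
    # marker byte cannot accidentally equal the plaintext marker.
    key = bytes([0x5A]) + bytes(rng.randrange(256) for _ in range(KEY_LEN - 1))
    plain = [make_overnet_packet(rng, 0x0C + i % 3, 60) for i in range(5)]
    encrypted = [xor_repeating(p, key) for p in plain]
    # Unrelated traffic: distinct, non-marker first bytes, random bodies.
    other = [bytes([i]) + bytes(rng.randrange(256) for _ in range(59))
             for i in range(5)]
    return key, plain, encrypted, other


if __name__ == "__main__":
    key, plain, encrypted, other = sample_flows()
    for name, flow in (("plain", plain), ("encrypted", encrypted), ("other", other)):
        print(f"{name:10s} -> {classify_flow(flow)}")
    print("recovered key[0] = 0x%02x, actual 0x%02x"
          % (recover_key_byte(encrypted, 0, OVERNET_PROTO), key[0]))
```

The first-byte test is only one heuristic; a real sensor would combine it with packet lengths and timing, and would drop the 'xor-storm' label if a later variant changed the key per session. The point it demonstrates stands regardless: encrypting a protocol whose plaintext has a fixed marker does not hide the traffic, it makes it the one thing on the network that fails the plaintext check while still leaking a constant through the marker position.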