Last Updated: 2008-06-02 21:11:49 UTC
by donald smith (Version: 1)
New Stormworm download site
DavidF brought a new stormworm download site to our attention.
220.127.116.11 is being spammed out with a message that states:
“Crazy in love with you” hxxp://18.104.22.168
I checked that site and could only find an index.html, lr.gif and loveyou.exe. lr.gif is a gif file that says “love riddles”.
Index.html encourages visitors to run loveyou.exe by asking ‘Who is loving you? Do you want to know? Just click here and choose either “Open” or “Run”’. loveyou.exe is a version of Trojan.Peacom.D aka Stormworm.
I recommend you block this ip address till it gets cleaned up.