Threat Level: green Handler on Duty: Pedro Bueno

SANS ISC InfoSec Handlers Diary Blog



New Stormworm download site

Published: 2008-06-02
Last Updated: 2008-06-02 21:11:49 UTC
by Donald Smith (Version: 1)

DavidF brought a new Stormworm download site to our attention.
122.118.131.58 is being spammed out with a message that states:

“Crazy in love with you” hxxp://122.118.131.58

I checked that site and could only find an index.html, lr.gif and loveyou.exe. lr.gif is a GIF file that says “love riddles”.
index.html encourages visitors to run loveyou.exe by asking ‘Who is loving you? Do you want to know? Just click here and choose either “Open” or “Run”’. loveyou.exe is a version of Trojan.Peacom.D, aka Stormworm.

I recommend you block this IP address until it gets cleaned up.

Keywords: stormworm