
SANS ISC: New Stormworm download site - SANS Internet Storm Center SANS ISC InfoSec Forums


New Stormworm download site
DavidF brought a new Stormworm download site to our attention.
122.118.131.58 is being spammed out with a message that states:

“Crazy in love with you” hxxp://122.118.131.58

I checked that site and could only find an index.html, lr.gif and loveyou.exe. lr.gif is a gif file that says “love riddles”.
index.html encourages visitors to run loveyou.exe by asking ‘Who is loving you? Do you want to know? Just click here and choose either “Open” or “Run”’. loveyou.exe is a version of Trojan.Peacom.D, aka Stormworm.

I recommend you block this IP address until it gets cleaned up.

donald

ISC Handler
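
A log-triage sketch to go with the blocking recommendation above, added here as an example and not part of the original diary: it separates proxy clients that only loaded the lure page from those that actually fetched loveyou.exe from 122.118.131.58. The Squid-style log layout, the sample log lines and the function name `triage` are assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicators taken from the diary text.
BAD_HOST = "122.118.131.58"
PAYLOAD = "/loveyou.exe"

# Constructed sample in an assumed Squid-style layout:
# time elapsed client action/status bytes method URL ...
SAMPLE_LOG = """\
1200300001.100 210 10.0.0.15 TCP_MISS/200 1843 GET http://122.118.131.58/ - DIRECT/122.118.131.58 text/html
1200300001.900 95 10.0.0.15 TCP_MISS/200 5120 GET http://122.118.131.58/lr.gif - DIRECT/122.118.131.58 image/gif
1200300040.250 880 10.0.0.15 TCP_MISS/200 141312 GET http://122.118.131.58/loveyou.exe - DIRECT/122.118.131.58 application/octet-stream
1200300300.000 120 10.0.0.22 TCP_MISS/200 1843 GET http://122.118.131.58/index.html - DIRECT/122.118.131.58 text/html
1200300900.500 3 10.0.0.31 TCP_DENIED/403 0 GET http://122.118.131.58/loveyou.exe - NONE/- text/html
1200301000.000 150 10.0.0.40 TCP_MISS/200 900 GET http://example.org/?ref=122.118.131.58 - DIRECT/93.184.216.34 text/html
"""

LINE = re.compile(r"^\S+\s+\d+\s+(\S+)\s+(\w+)/(\d{3})\s+\d+\s+\w+\s+(\S+)")
RANK = {"unsuccessful": 0, "visited": 1, "downloaded": 2}


def triage(log_text):
    """Map each client IP to its worst observed interaction with BAD_HOST."""
    verdicts = {}
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not in the assumed layout
        client, action, status, url = m.groups()
        parts = urlsplit(url)
        if parts.hostname != BAD_HOST:
            continue  # the IP appearing only in a path or query is not a hit
        if action == "TCP_DENIED" or not status.startswith("2"):
            verdict = "unsuccessful"   # proxy refused it or the fetch failed
        elif parts.path.lower() == PAYLOAD:
            verdict = "downloaded"     # executable was delivered to the client
        else:
            verdict = "visited"        # lure page or image only
        if client not in verdicts or RANK[verdict] > RANK[verdicts[client]]:
            verdicts[client] = verdict
    return verdicts


if __name__ == "__main__":
    for client, verdict in sorted(triage(SAMPLE_LOG).items()):
        print(f"{client}\t{verdict}")
```

Clients marked `downloaded` are the ones to check first for execution of the file; `visited` clients saw the lure but no executable transfer was logged.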
