Looks like Storm moved to a new mutation. The e-mails are now inviting users to become members in various "clubs". Here is a sample I just got:

Subject: Login Information

Dear Member,

I have seen about a dozen different ones so far. They are all "confirmations" in this style to various web sites. The web page again offers an "applet.exe" for download.

In short: We don't need to enumerate variants of the e-mail message. If you are brave and know what you are doing, download the applet.exe and try to reverse it (typically not easy).

Thunderbird warned me that the link is a scam. (I think it does so for all numeric IP links.)

My copy of applet.exe was about 114 kB in size. While many AV scanners detect it as "evil" based on heuristic signatures, some well-known scanners don't (maybe VirusTotal is running them without heuristics turned on, or they just don't do it).

IMHO: this is a lost cause. People are either infected or they know how to protect themselves.

(From virustotal.com) File applet.exe received on 08.21.2007 05:21:50 (CET) Result: 14/32 (43.75%)
(I replaced the numeric IP address with 'a.b.c.d')
Johannes
ISC Handler
Aug 21st 2007
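The diary notes that the link in these e-mails points at a numeric IP address, which Thunderbird flags. The following Python is an added example, not part of the original diary, showing how a mail filter could make the same check without enumerating message variants; the sample message, the address 192.0.2.10 (a documentation range) and the function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)
INT_HOST_RE = re.compile(r"0x[0-9a-f]+|[1-9][0-9]*", re.IGNORECASE)

def numeric_host(host):
    """Return the IP address if host is an IP literal, else None."""
    try:
        return ipaddress.ip_address(host)      # dotted quad or IPv6
    except ValueError:
        pass
    # Browsers also accept a single decimal or hex integer as an IPv4 host.
    if INT_HOST_RE.fullmatch(host) and int(host, 0) < 2**32:
        return ipaddress.ip_address(int(host, 0))
    return None

def flag_links(raw_message):
    """Return (url, normalized_ip) for each numeric-IP link in text parts."""
    findings = []
    for part in message_from_string(raw_message).walk():
        if part.get_content_maintype() != "text":
            continue
        body = (part.get_payload(decode=True) or b"").decode(
            part.get_content_charset() or "utf-8", "replace")
        for url in URL_RE.findall(body):
            url = url.rstrip(".,)")            # drop trailing punctuation
            try:
                host = urlsplit(url).hostname or ""
            except ValueError:                 # malformed bracketed host
                continue
            ip = numeric_host(host)
            if ip is not None:
                findings.append((url, str(ip)))
    return findings

# Constructed sample message; not the text of a real Storm e-mail.
SAMPLE = """\
Subject: Login Information

Dear Member,

Confirm your login here: http://192.0.2.10/
Help pages: http://www.example.com/help
Mirror: http://3221225994/
"""
```

Calling `flag_links(SAMPLE)` reports the two numeric-IP links, both normalized to the same address, and ignores the link with a host name.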