Saturday, August 25, 2007

Storm twist

Hi folks,

There has been a slightly interesting development with the massive Storm botnet today: its emails are now referencing a YouTube video.

This is typical email text ...

"You can see your face right in the video. its all over the web dude. this is the link to it."

followed by what seems to be a YouTube link.

At first we thought they'd done something cunningly bad to YouTube, but it's just an email/HTML trick. All they're doing is displaying an HTML link whose visible text looks like a YouTube address but which in fact takes you directly to a Storm node, which in turn tries to use a Q406 Rollup package to infect you.

What this all means is that LinkScanner sees through all their subterfuge just fine, but lots of non-LinkScanner users will be tempted to view the YouTube video (those are always safe, aren't they?)
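The trick described above, where the link text shows one site while the href points at another, can be checked mechanically in an HTML message body. This is an added example, not code from the original post or from LinkScanner; the function names, the sample message and the 192.0.2.10 address (a documentation-range placeholder) are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible link text that itself looks like a URL or bare hostname.
URLISH = re.compile(r"^(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[:/?#]|$)", re.I)

def site(host):
    # Crude comparison key (last two labels); a real filter would use the Public Suffix List.
    return ".".join((host or "").lower().rstrip(".").split(".")[-2:])

class LinkAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        shown = "".join(self._text).strip()
        claimed = URLISH.match(shown)
        actual = urlsplit(self._href).hostname
        # Flag only when the text names a site and the href goes to a different one.
        if claimed and site(claimed.group(1)) != site(actual):
            self.findings.append((shown, self._href))
        self._href = None

def mismatched_links(html_body):
    audit = LinkAudit()
    audit.feed(html_body)
    audit.close()
    return audit.findings

# Constructed sample message; 192.0.2.10 is a documentation-range placeholder address.
SAMPLE = """<p>this is the link to it.</p>
<a href="http://192.0.2.10/">http://www.youtube.com/watch?v=EXAMPLE</a>
<a href="http://www.youtube.com/watch?v=EXAMPLE">youtube.com/watch?v=EXAMPLE</a>
<a href="http://192.0.2.10/">click here</a>"""

if __name__ == "__main__":
    for shown, href in mismatched_links(SAMPLE):
        print(f"displayed {shown!r} but links to {href!r}")
```

The "click here" link is not reported because its text makes no claim about a destination; this check only covers the displayed-address mismatch.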




At 10:47 AM, Anonymous said...

My spam box is starting to fill up with these things.

At 2:46 AM, Anonymous said...

I have received a few mails of this kind and have opened at least one of them. How do I find out if my system is affected?

At 10:43 AM, Anonymous said...

The video/clever JPEG links to an EXE file. Unless you ran the EXE, you're unlikely to be infected.

At 3:47 AM, Anonymous said...

How do I find out if my system is affected?

If you have scripting on, are running Windows, have administrator privileges and didn't get a message from your AV software, then you are probably part of a botnet. Keep an eye on your router or modem lights. If they are busy and your computer shouldn't be, shut it off.


