ESET Threat Blog

Archive for the 'Storm' Category

by David Harley Senior Research Fellow
November 23, 2011 at 11:50 am

Old hoaxes never die. They just get transplanted to Facebook. Sometimes literally, when a classic email hoax starts to spread with minor emendations through Facebook message or news feeds. In this case, the actual message (at least, as I received it) is still email, but it's been adapted to appeal to the more than 800 million Facebook … Read More…

Comments
0

by Robert Lipovsky Malware Researcher
April 21, 2011 at 12:30 am

One of the most common ways to propagate malware through social engineering is to piggyback it on some attention-catching news event. This can be carried out using a variety of techniques and is certainly nothing new. One infamous example from 2007 was Win32/Nuwar (a/k/a the Storm Worm), which was distributed through spam emails with current and/or … Read More…

Comments
1

by David Harley Senior Research Fellow
December 31, 2010 at 12:55 pm

Pierre-Marc tells me that he has received two malware samples that grabbed his attention due to their resemblance to Storm/Waledac. They use the same kind of distribution mechanism: that is, spam with links to a New Year eCard, with titles like "New Year Wishes!" and "You Received an Ecard." The mail contains … Read More…

Comments
0

by Pierre-Marc Bureau Senior Malware Researcher
February 11, 2009 at 9:56 am

As Valentine’s Day is approaching the criminals behind Win32/Waledac have increased their activity. The Valentine campaign started some time ago but the interesting part is only starting for us.  The Waledac botnet has been using fast flux for some time now.  This means that the IP addresses of the websites used to distribute this malware … Read More…

Comments
0

by David Harley Senior Research Fellow
December 31, 2008 at 1:08 pm

Further to Pierre-Marc’s post on the 25th December about the resemblances between Waledac and Storm, I notice that Steven Adair of Shadowserver has been blogging some very nice notes on much the same topic. Well worth a look.
David Harley

Comments
0

by Pierre-Marc Bureau Senior Malware Researcher
January 1, 2009 at 9:35 am

Yesterday, we started to receive reports of emails pretending to carry links to holiday cards.  These emails contain a link that points to a file named ecard.exe.  Of course, this executable is not a seasonal holiday card but malware.  The reason this wave of malware has attracted our attention is that it is very similar … Read More…

Comments
3
