Home / mailings WSLabs, Malicious Web site / Malicious Code: New Storm Trojan Email Tactic
Posted on 14 August 2007
Websense Security LabWebsense® Security Labs(TM) has received several reports of new Storm Trojan tactics being used within emails. The new emails are using the Subject: "Greeting Card Victim" and contain the following:
Email Body:
Class-mate(enter name) has created Greeting card for you victim at christianet.com. To see your custom Greeting card, simply click on the following link: http:// <stripped>
Send a FREE greeting card from christianet.com whenever you want by visiting us at: This service is provided and hosted by christianet.com.
End of Email Body
Just like previous attacks, the URLs point to a compromised machine that is hosting the BOT and an HTTP proxy. The same exploit code attempts to run the file without user intervention; however, the file name has changed to msdataaccess.exe.
Websense Security customers are protected from connecting to the sites hosting the Trojan Horse / Bot.
For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=792
