
WSLabs, Malicious Website / Malicious Code: Storm adds YouTube lures

Posted on 25 August 2007
Websense Security Lab

The Storm Trojan / Bot continues to spread and is now using a YouTube video to lure users. The latest version has a variety of subjects and email bodies but now uses the filename video.exe.

Email subject example: Sheesh man what are you thinkin.

Upon connecting to the URL, which is presented as a YouTube link but actually points to a Storm IP address, the same exploit code used in past attacks attempts to run. As in the past, users who are not vulnerable are shown a page asking them to run the code manually, as in the screenshot below:

<screenshot in full alert details>

Websense users with Security Suites are protected from connecting to the sites with the exploit code and from connecting to the sites that proxy connections back to main Storm servers.


For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=799

 
