Home / mailings WSLabs, Malicious Website / Malicious Code: Storm Tactics Change, Fake NFL Site
Posted on 14 September 2007
Websense Security LabWebsense Security Labs(TM) has received several reports of a new Web site that is being distributed in spam that is being sent out by those running the Storm attacks. For more details on the Storm attack (http://www.websense.com/securitylabs/blog/blog.php?BlogID=141).
This site poses as an NFL Web site and includes statistics from last weeks games. The statistics are from last week's games and appear to be accurate. No exploit is on the site itself. However, when users click any of the URLs, they are prompted to download and run a file called "nflseasontracker.com." This file contains the Storm payload code.
The site was up and running the time of this alert.
Sample email text:
Get on top of tonight's game with your FREE NFL Season tracker!
http://removed/
Web site screenshot in full alert details.
For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=805