SecurityHome.eu WSLabs, Malicious Website / Malicious Code: New Storm tactic: Kitty Greeting Card

Home / mailings PDF

WSLabs, Malicious Website / Malicious Code: New Storm tactic: Kitty Greeting Card
Posted on 12 October 2007
Websense Security Lab
Websense® Security Labs(TM) has received several reports of a new Web site that is being distributed in spam sent out by those running the Storm attacks. For more details on the Storm attack, see (http://www.websense.com/securitylabs/blog/blog.php?BlogID=141).

This site poses as a free Ecard Web site. No exploit is on the site itself. However, when users click any of the URLs, they are prompted to download and run a file called "SuperLaugh.exe." This file contains the Storm payload code.

Sample email text:

View your Kitty Card now! (URL REMOVED)

For additional details and information on how to detect and prevent this type of attack:
http://www.websensesecuritylabs.com/alerts/alert.php?AlertID=807

TOP

Mailings :

[gentoo-announce] [ GLSA 202405-09 ] MediaInfo, MediaInfoLib: Multiple Vulnerabilities
[gentoo-announce] [ GLSA 202405-08 ] strongSwan: Multiple Vulnerabilities
[gentoo-announce] [ GLSA 202405-07 ] HTMLDOC: Multiple Vulnerabilities
[gentoo-announce] [ GLSA 202405-06 ] mujs: Multiple Vulnerabilities
[gentoo-announce] [ GLSA 202405-05 ] MPlayer: Multiple Vulnerabilities

Last 20

Exploits :

SOPlanning 1.52.00 Cross Site Scripting
SOPlanning 1.52.00 Cross Site Request Forgery
SOPlanning 1.52.00 SQL Injection
htmlLawed 1.2.5 Remote Command Execution
Online Tours And Travels Management System 1.0 SQL Injection

Last 20