Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: New Stormworm download site SANS ISC InfoSec Forums


New Stormworm download site
DavidF brought a new stormworm download site to our attention.
122.118.131.58 is being spammed out with a message that states:

“Crazy in love with you” hxxp://122.118.131.58

I checked that site and could only find an index.html, lr.gif and loveyou.exe. lr.gif is a GIF file that says “love riddles”.
Index.html encourages visitors to run loveyou.exe by asking ‘Who is loving you? Do you want to know? Just click here and choose either “Open” or “Run”’. loveyou.exe is a version of Trojan.Peacom.D aka Stormworm.

I recommend you block this IP address till it gets cleaned up.

donald

Jun 2nd 2008
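An added example, not part of the original diary: a log sweep to run alongside the block, showing which internal clients already contacted the site and whether they fetched the executable. It also goes beyond the diary by flagging any .exe fetched from a bare-IP host; the proxy log format and all sample lines are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Indicator from the diary, kept defanged as published.
DIARY_INDICATORS = ["hxxp://122.118.131.58"]

# Constructed sample proxy log: timestamp, client, method, URL, status (assumed format).
SAMPLE_LOG = """\
2008-06-02T09:14:03 10.0.0.21 GET http://122.118.131.58/ 200
2008-06-02T09:14:05 10.0.0.21 GET http://122.118.131.58/lr.gif 200
2008-06-02T09:14:19 10.0.0.21 GET http://122.118.131.58/loveyou.exe 200
2008-06-02T09:15:40 10.0.0.34 GET http://www.example.com/setup.exe 200
2008-06-02T09:16:02 10.0.0.47 GET http://192.0.2.10/status.html 200
"""

def refang(indicator):
    """Turn a defanged indicator (hxxp, [.]) back into a parseable URL."""
    return re.sub(r"^hxxp", "http", indicator, flags=re.I).replace("[.]", ".")

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def scan(log_text, indicators=DIARY_INDICATORS):
    """Return (client, url, reason) for every log line that needs follow-up."""
    blocked = {urlsplit(refang(i)).hostname for i in indicators}
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 5:
            continue  # skip malformed lines
        client, url = fields[1], fields[3]
        parts = urlsplit(url)
        host, is_exe = parts.hostname or "", parts.path.lower().endswith(".exe")
        if host in blocked:
            reason = "exe-from-blocked-host" if is_exe else "blocked-host"
        elif is_ip_literal(host) and is_exe:
            reason = "exe-from-bare-ip"  # heuristic added here, not from the diary
        else:
            continue
        findings.append((client, url, reason))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(*finding)
```

A client with an `exe-from-blocked-host` finding downloaded loveyou.exe and should be checked for execution, not just blocked going forward.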
