More about the Storm

Monday, 27 August 2007

More about the Storm, and a link to check suspicious URL's with ... "Security researcher Roger Thompson at Exploit Prevention Labs posted about a big Storm botnet spam that tells the recipient their face is all over 'net on a YouTube video. The hyperlink to the video looks innocent enough, though the html under the link takes the user to an exploitive IP address that attempts a driveby download of the Q4Rollup exploit, a package of about a dozen encrypted exploits. If the user is unpatched against anything, they're hit. Here's the text of the spam I personally received this morning: "Subject: Who is that your with? lol Date: Sat, 25 Aug 2007 09:40:32 -0400 From: To: OMG, what are you doing man. This video of you is all over the net. here is the link I got http://www.youtube.com/watch?v=pAqQ2G671GV (in the html email, the actual hyperlink is to a different address, which I confirmed was exploitive by pasting it into LinkScanner Online at http://linkscanner.explabs.com/linkscanner/default .asp I test all my suspicious hyperlinks here.)" (copied from SlashDot.org this AM)