Comments on: Storm Worm Authors move to Military Theme

By: jeremy

jeremy — Fri, 11 Jul 2008 20:59:20 +0000

Thanks for the additional information, and good job.

–jeremy

By: Marco

Marco — Fri, 11 Jul 2008 17:49:48 +0000

For those who like to look at binary disassembly, I’ve written an analysis of the shellcode used in the 9 browser exploits mentioned by Jeremy.

By: jeremy

jeremy — Wed, 09 Jul 2008 04:10:17 +0000

Just check your %WINDIR% directory for the following two files: msserv.exe or msserv.config. If you have them you are infected. It is possible if your system isn’t patched as there is a hidden iframe file “ind.php” with several exploits in it. Good luck and hope you were lucky.

–jeremy

By: JG

JG — Wed, 09 Jul 2008 03:25:59 +0000

So, i just clicked through the link in my email, but quickly realized that i was an idiot and closed the window before the page even loaded. Did i put myself at risk?

Did anything automatically download??

thanks in advance