sudosecure.net

Storm revisits love theme and postcard.exe

Posted by jeremy on July 24th, 2008

I guess the Amero and the Domain Name outages just weren’t working out for the Storm Authors, as they have shifted back to an old theme. The message is simple:

You’ve got an animated postcard from someone who loves you.
Click here to save the postcard.

Nothing new here, as they have played the “love” theme before. The “ind.php” obfuscated JavaScript exploit-serving file is still pulled in through an iframe redirect, so be aware of this. My only major concern with this new/revisited campaign is that the new binary has a very low antivirus vendor detection rate: 8/35 (22.86%). I have not seen any new domain names or spam associated with this change, but my guess is tonight when I take a deeper look at it in the lab I will be greeted with these changes.
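The delivery pattern described above (a love-theme lure linking to postcard.exe, plus a hidden iframe pulling in an ind.php page) is something a mail gateway or web proxy can flag on the way in. The following is an added example written for this post, not code from the original or from any Storm sample: it parses a constructed lure page, reports iframes that are hidden or point at an ind.php path, and separately notes a direct .exe link. The host name example.invalid and the page body are constructed placeholders, not real campaign indicators.

```python
import re
from html.parser import HTMLParser

# Constructed sample lure page (placeholder host, not a real Storm domain).
SAMPLE_LURE = """<html><body>
<p>You've got an animated postcard from someone who loves you.</p>
<a href="http://example.invalid/postcard.exe">Click here to save the postcard.</a>
<iframe src="http://example.invalid/ind.php" width="0" height="0" style="display:none"></iframe>
</body></html>"""

# Constructed benign page with a normal, visible iframe for comparison.
SAMPLE_BENIGN = """<html><body>
<p>Weekly newsletter</p>
<iframe src="http://example.invalid/embed/video.html" width="640" height="360"></iframe>
</body></html>"""

# Path fragment named in the post as the exploit-serving file.
SUSPICIOUS_PATH = re.compile(r"/ind\.php(\?|$)", re.IGNORECASE)


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            # Attributes without a value parse as None; normalise to "".
            self.iframes.append({k: (v or "") for k, v in attrs})


def is_hidden(attrs):
    """Zero-size or CSS-hidden iframes are the usual covert-redirect shape."""
    width = attrs.get("width", "").strip().lower()
    height = attrs.get("height", "").strip().lower()
    style = attrs.get("style", "").replace(" ", "").lower()
    return (
        width in ("0", "0px")
        or height in ("0", "0px")
        or "display:none" in style
        or "visibility:hidden" in style
    )


def find_suspicious_iframes(html):
    """Return a list of {src, reasons} for iframes worth blocking or alerting on."""
    parser = IframeCollector()
    parser.feed(html)
    hits = []
    for attrs in parser.iframes:
        src = attrs.get("src", "")
        reasons = []
        if is_hidden(attrs):
            reasons.append("hidden")
        if SUSPICIOUS_PATH.search(src):
            reasons.append("ind.php")
        if reasons:
            hits.append({"src": src, "reasons": reasons})
    return hits


def has_exe_lure(html):
    """True when the page links directly to a .exe download (the postcard.exe lure)."""
    return re.search(r'href="[^"]*\.exe"', html, re.IGNORECASE) is not None


if __name__ == "__main__":
    for name, page in (("lure", SAMPLE_LURE), ("benign", SAMPLE_BENIGN)):
        print(name, find_suspicious_iframes(page), "exe link:", has_exe_lure(page))
```

Either signal alone is a reasonable alert in a mail or proxy log; both together on one page is the shape of this campaign and a good candidate for an automatic block.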


3 Responses to “Storm revisits love theme and postcard.exe”

  1. New Storm Campaign and Domains | BjOG - Bjou's Blog, that is! Says:

    [...] Now I am not a tracker of storm campaigns nor binaries, I am just a casual binary analyst, but today while running a storm gateway for research purposes, I found some new domains going along with the revisited love theme and its postcard.exe. [...]

  2. bjou Says:

    There are new domains now. Waiting for insight into the spam messages :)
    http://bjou.homeunix.net/blog/2008/08/new-storm-campaign-and-domains/

  3. jeremy Says:

    Thanks for the info… I will capture the spam tonight in the lab to follow up. Thanks again.

    –jeremy
