sudosecure.net

A new Storm Campaign has been identified by my binary tracker this morning around 8am Central Standard Time. This new campaign is titled: “FBI vs Facebook” and is most likely another attempt at using current news events to trick users into installing the newest Storm Worm Trojan. I did a quick Google News search and found several headlines within the last two months relating to the FBI using Facebook to profile people, and also the US congress using FBI investigation findings to support a new Bill that will ban children from accessing Facebook and other social networking sites in public places such as libraries without parental supervision. The web page is very simple:

There is really only one interesting modification that has taken place with the release of this new theme which can be seen in the source code for the web page:

As you can see the “ind.php” is no longer being included as an iframe, so either the authors were not benefiting from the exploits being executed or it was simply an oversight mistake when they deployed this new theme. Either way it benefits us, as it is one last thing we have to worry about when a user visits this page.

The VirusTotal results regarding the new “fbi_facebook.exe” binary are not outstanding, but we have some identification for the Storm Worm Trojan: Result: 18/35 (51.43%)