There is a new drive-by Storm attack!

This attack now includes an additional attack method, a compromised Adobe Acrobat (pdf) file, as described in this article.

It also includes a new, updated two-stage multi-vector attack similar to what was reported here in early May (now includes code to download & execute two different payload files from different locations – is Storm subletting? – as well as a new, very irritating combination of AV evasion/obfuscation techniques).

It also now includes a third attack method, based on a Microsoft Office SnapShot Viewer ActiveX exploit.

This attack is also serving-up files directly by an IP address, which also happens to be right next store to the IPs you mentioned being used by flora.pl and the spewing spambots in your Comment Spam & PPC Redirection article! I have confirmed that these virus files are being served-up from the same “bulletproof” Panamanian hosting service you mentioned!

The scariest part, however, it how they appear to be spreading this. From what I can tell, it appears this may be being spread via infected banner ads displayed on legit sites and served-up from affiliate ad services! Yikes!

I am E-MAILing you the details, but wanted to make sure that you saw this right away!