sudosecure.net

              is anything truly secure…

Storm Worm Web Servers changing

Posted by jeremy on May 3rd, 2008

It appears that earlier this morning, around 9am CST, the Storm Worm web servers pulled the StormCodec.exe and StormCodec8.exe binaries. I am not sure what is actually occurring as of yet, but my guess is this is preparation for a new download campaign that will begin shortly. If I had to guess, I would guess that the next download campaign would be “Happy Mother’s Day” and I would prepare for a fresh set of Spam messages arriving Monday morning.

Another guess would be this is the beginning of the end for the Storm Worm with everyone claiming victory over this menace. I wouldn’t bet on that though, as the p2p net is still active (not as large as it used to be) and the Storm Worm’s Name Servers are still up and functioning. The only thing that has drastically changed based off my initial investigation this morning is the web servers are not currently serving up the binaries at this time or an index page. If I discover anything new I will let you all know.
