Comments for sudosecure.net

Comment on Malicious Site Analysis for dota11.cn injection by Mike

Mike — Sat, 16 Aug 2008 07:05:17 +0000

Now I’m no techy, but this mentioned .cn domain site link has replaced my profile information on an international penpal website. Seems strange, my email account has also been hacked by somebody who is now sending out emails with .cn links, not to mention the daily pile of spam sent with .cn links. Hotmail has been contacted - hopefully they can sort it out!

Comment on Storm revists love theme and postcard.exe by jeremy

jeremy — Mon, 04 Aug 2008 18:20:22 +0000

Thanks for the info… I will capture the spam tonight in the lab to follow up. Thanks again.

–jeremy

Comment on Storm revists love theme and postcard.exe by bjou

bjou — Mon, 04 Aug 2008 17:58:45 +0000

There’s new domains now. Waiting for insight into the spam messages
http://bjou.homeunix.net/blog/2008/08/new-storm-campaign-and-domains/

Comment on Storm revists love theme and postcard.exe by New Storm Campaign and Domains | BjOG - Bjou's Blog, that is!

New Storm Campaign and Domains | BjOG - Bjou's Blog, that is! — Mon, 04 Aug 2008 17:56:35 +0000

[...] Now I am not a tracker of storm campaigns nor binaries, I am just a casual binary analyst, but today while running a storm gateway for research purposes, I found some new domains going along with the revisited love theme and its postcard.exe. [...]

Comment on Storm Worm new “Currency Theme” campaign begins by Henry van Wyk

Henry van Wyk — Wed, 23 Jul 2008 04:33:42 +0000

Another site…

hxxp://65.33.188.122/

Comment on Storm Worm new “Currency Theme” campaign begins by Omar

Omar — Tue, 22 Jul 2008 19:45:24 +0000

Thanks for the info.

Here’s the email I just got:
—————————-

Return-Path:
Received: from sqyvdy (unknown [123.19.167.95])
with SMTP id F1F231C68046
Received: from anvyd ([110.146.213.201]) by sqyvdy with Microsoft SMTPSVC(6.0.3790.0); Tue, 22 Jul 2008 17:08:05 +0700
Message-ID:
From:

Subject: North American Union is the reality now

Date: Tue, 22 Jul 2008 17:02:17 +0700
MIME-Version: 1.0
Content-Type: text/plain;
format=flowed;
charset=”windows-1250″;
reply-type=original
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.50.4133.2499
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2499

—————————-
Body:
—————————-
Death of the U.S. Dollar hxxp://24.180.53.121/

Comment on Storm Worm new “Currency Theme” campaign begins by Henry van Wyk

Henry van Wyk — Tue, 22 Jul 2008 08:13:00 +0000

Another site… hxxp://68.51.193.78/

Comment on Storm Worm new “Currency Theme” campaign begins by jeremy

jeremy — Mon, 21 Jul 2008 19:24:50 +0000

Thanks for the update as well. It looks like several of you all are starting to see the spam come in. No new domain names just links directly to the IP address.

Comment on Storm Worm new “Currency Theme” campaign begins by Benjamin

Benjamin — Mon, 21 Jul 2008 18:54:44 +0000

I just got one of these in my spam box in my gmail account…pointing to 67.38.17.32 in this case.

Comment on Storm Worm new “Currency Theme” campaign begins by jeremy

jeremy — Mon, 21 Jul 2008 18:03:15 +0000

Thanks for the update.