Wednesday, January 16, 2008

Valentine's Zhelatin-Storm.

Yesterday I started receiving another wave of Storm/Zhelatin e-mails, this time exploiting our love: you got it, Storm/Zhelatin started exploiting Valentine’s Day.
The e-mails Storm is sending are same as in last couple of waves – a subject designed to catch your attention and the body with a URL consisting of only an IP address. Once a user visits the web site he is served with a nice web page with a picture of a Valentine hart in the middle and a link to download an executable – same as with previous versions. So is there anything new about this variant of Storm? Not really. The social engineering attack is the same as before. Actually, there are a lot of similarities with Storm’s Valentine’s attack last year (2007). The subjects are almost the same and the only difference is that last year Storm sent itself as an attachment. So we can say again .. the story continues.