There's recently been quite much written about a botnet of spam trojans named Kraken.
There've been some claims that the botnet is the biggest currently out there, massing over 400,000 infected computers. Most AV vendors in the industry have been wondering about the numbers, which seem to be exagerated when taking a look at received samples. Is it because of the “arrival” of Kraken, which, following the footsteps of MayDay and Mega-D, is challenging the said gang for the “Biggest Zombie Network” title? Whatever the case, only days after re-professing its love to unsuspecting users via blog pages, the Storm malware is at it again, this time posing as a video codec. Looks like the Storm gang (or at least the Russian/Ukrainian criminals behind it) is expanding its business again. Several sites offer what looks like a YouTube-look-alike streaming video. The infection vector and messaging is actually still the same, meaning users are most likely to access this site via links on specially crafted, love-themed blogs. What is interesting this time is that on these sites, users are required to download the so-called Storm Codec in order to view the said video.... Correct: the codec is called Storm Codec.
Users are advised to be wary when visiting Web sites or blogs, especially those that require installation or execution of files. Video files — especially those posted online — almost always do not require video codecs anymore ... but do you think that any user knows this?