I got an e-mail from Storm!
Just checking my e-mail, I found an e-mail telling me that my ecard was waiting. On opening it, I found a link to the "crazy kitty ecard" which is actually a Storm binary!
I found a "From" e-mail address. I went to the domain name in the "from" field and it is some sort of cafe. I e-mailed them with the following message:
- To Whom It May Concern,
I have been sent a spam e-mail from an e-mail address belonging to your domain name. This spam e-mail attempted to convince me to download a malicious file - a virus. Here is the message:
Subject: [Spam?] Your ecard is waiting!
From: <schulkebass@bjs.co.za>
Date: Sunday, October 28, 2007 9:02:40 PM
Message-ID: <002e01c81962$d2266480$4cdaac8e@kcfjy>
Content-Type: text/plain;format=flowed;charset="windows-1250";reply-type=original
MIME-Version: 1.0
X-Priority: 3
Received: from c2mailmx06.mailcentro.net (10.2.14.106) by C2MAIL02.mailcentro.net (NPlex 5.5.042) id 47238B3B00001F7F for webmaster._.dancepop@zzn.com; Sun, 28 Oct 2007 06:03:26 -0700
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
Content-Transfer-Encoding: 7bit
Flags: \Recent
(and then there is an IP address of a compromised computer, serving up the virus). Please click here to view your Crazy Kitty Card Online.
Please update your anti-virus software immediately and run a scan. (Unfortunately, this is a resilient virus that can evade anti-virus scans.) If the e-mail address listed in the "from" field is attached to a particular computer, you will definitely want to disconnect that computer from the Internet until you have removed the infection - either through anti-virus or, if that fails (or the anti-virus program doesn't see the infection), through erasing the hard disk.
You will also want to educate your staff on the dangers of downloading random programs from the Internet. This virus spreads only through people downloading and running it, so it's obvious that someone with access to the infected computer has received the virus through their own actions.
If you have any questions, please e-mail me back on this address.
Christopher Lees
http://bigbolshevik.blogs.friendster.com/a_man_and_his_penguin
I wanted to commit DoS against the IP address that was serving up the page, but that is a seriously bad idea as it gets the whole botnet to do the same thing to you!
I also received a Nigerian scam e-mail; I tried a "social engineering attack" by sending them the Storm binary and telling them that my bank account details were in it, but Hotmail recognised the virus and wouldn't send the message.
EDIT: I used nslookup on the IP address in the Storm e-mail. It resolved to the customer subdomain of a particular Swedish ISP. I have sent an e-mail to their abuse department, giving them all the relevant information, and I hope they chase it up.
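As an added example that is not part of the original post, here is a small Python triage script run over headers modelled on the ones quoted above: it parses the Received: chain, checks whether any relay actually belongs to the From: domain (the address alone says nothing about which machine sent the mail), and pulls the routable link host out of the body for the nslookup and abuse-report step. The Received: line and From: address are the quoted ones; the link host 192.0.2.10 is a TEST-NET placeholder, since the post withholds the real address.

```python
import re
import socket
import ipaddress
from email import message_from_string
from email.utils import parseaddr

# Constructed sample: the Received line and From: address are those quoted in the post;
# the link host is a TEST-NET-1 placeholder because the post withholds the real address.
SAMPLE = """\
Message-ID: <002e01c81962$d2266480$4cdaac8e@kcfjy>
From: <schulkebass@bjs.co.za>
Received: from c2mailmx06.mailcentro.net (10.2.14.106) by C2MAIL02.mailcentro.net (NPlex 5.5.042) id 47238B3B00001F7F for webmaster._.dancepop@zzn.com; Sun, 28 Oct 2007 06:03:26 -0700

Please click here to view your Crazy Kitty Card Online: http://192.0.2.10/
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP_RE = re.compile(r"from\s+(\S+)\s+\(\[?(\d{1,3}(?:\.\d{1,3}){3})\]?\)\s+by\s+(\S+)", re.I)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")

def is_internal(ip):  # hop inside a provider's own network: RFC 1918 or loopback
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or any(addr in net for net in RFC1918)

def received_hops(msg):
    """Each Received: header, newest first, as (from_host, from_ip, by_host)."""
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(" ".join(value.split()))
        if m:
            hops.append(m.groups())
    return hops

def triage(raw):
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    hops = received_hops(msg)
    # From: is just a header the sender typed; it only means something if a relay in the
    # chain actually belongs to that domain. In the sample none does.
    from_domain_relayed = bool(from_domain) and any(h[0].lower().endswith(from_domain) for h in hops)
    # The host serving the link is the one worth the nslookup and the abuse report.
    link_ips = sorted({ip for ip in IP_RE.findall(msg.get_payload()) if not is_internal(ip)})
    return {"from_domain": from_domain, "hops": hops,
            "from_domain_relayed": from_domain_relayed, "link_ips": link_ips}

def reverse_dns(ip):  # the nslookup step; needs network, returns None on failure
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None
```

`reverse_dns` is the only part that touches the network; everything else runs offline on the embedded sample.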
