Storm adds YouTube lures

Date:08.25.2007

Threat Type: Malicious Website / Malicious Code

The Storm Trojan / Bot continues to spread and is now using a YouTube video to lure users. The latest version has a variety of subjects and email bodies but now uses the filename video.exe.

Email subject example: Sheesh man what are you thinkin.

Upon connecting to the URL, which is referenced as a YouTube link but is actually a Storm IP, the same exploit code used in past attacks attempts to run. As in the past if users are not vulnerable they will get a page displayed that  requests they run the code manually such as in the screenshot below:

 

Websense users with Security Suites are protected from connecting to the sites with the exploit code and from connecting to the sites that proxy connections back to main Storm servers.