Microsoft Windows Vista Community Forums - Vistaheads
Forums Register Donate FAQ PhotoPlog Members List Calendar Arcade Search Today's Posts Mark Forums Read
   
Driver Scanner 2009 - Free Scan Now



Welcome to the Microsoft Windows Vista Community Forums - Vistaheads, YOUR Largest Resource for Windows Vista related information.

You are currently viewing our boards as a guest which gives you limited access to view most discussions and access our other features. By joining our free community you will have access to post topics, communicate privately with other members (PM), respond to polls, upload content and access many other special features. Registration is fast, simple and absolutely free so , join our community today!

If you have any problems with the registration process or your account login, please contact us.

Registry Mechanic - Free Scan Now

Anticipated Storm-Bot Attack Begins, (Mon, Dec 24th)

Security News


Click On Your Flag for Translation
Simplified Chinese French Spanish Italian Portugeuse Japanese German Dutch
Reply
 
Thread Tools Display Modes
  #1 (permalink)  
Old 12-24-2007
Steve's Avatar
Steve Steve is offline
Moderator
  
Breakout Champion!
Join Date: Sep 2006
Location: Emerald Isle
Posts: 46,133
Steve is a jewel in the roughSteve is a jewel in the roughSteve is a jewel in the rough
Thanks: 7
Thanked 24 Times in 11 Posts
Anticipated Storm-Bot Attack Begins, (Mon, Dec 24th)
Shortly after 0000 GMT 24-DEC-2007 reports came in indicating that the Storm Botnet was sending out another wave of attempts to enlist new members. This version is a Christmas-themed stripshow directing victims to merrychristmasdude.com.
The message comes in with a number of subjects:

Subject: I love this Carol!

Subject: Santa Said, HO HO HO

Subject: Christmas Email

Subject: The Perfect Christmas

Subject: Find Some Christmas Tail

Subject: Time for a little Christmas Cheer
The body is something similar to:
-)

http://merry christmasdude.com/

[the domain was interrupted for your protection]
Thanks Kevin for the initial report.
I recommend that you apply blocks on that domain (merrychristmasdude.com) for both outbound HTTP requests and incoming emails.

Kevin Liston (kliston -at- isc.sans.org)

More...
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Sponsored Links
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is On
Trackbacks are On
Pingbacks are On
Refbacks are Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Responding to a file-parsing application attack, (Mon, Dec 17th) Steve Security News 0 12-17-2007 10:30
Security Resolutions 2008, (Mon, Dec 10th) Steve Security News 0 12-10-2007 16:40
Estonian Defense Minister Comments, (Mon, Dec 3rd) Steve Security News 0 12-03-2007 19:40
Web Application Security Followup: Password Strength, (Mon, Sep 24th) Steve Security News 0 09-24-2007 23:51
Financial Website Security, (Mon, Sep 24th) Steve Security News 0 09-24-2007 13:41


All times are GMT +1. The time now is 06:26.
Privacy Policy - Contact Us - Microsoft Windows Vista Community Forums - Vistaheads - Archive - Top

Registry Mechanic - Free Scan Now
Driver Scanner 2009 - Free Scan Now




Design by Vjacheslav Trushkin for phpBBStyles.com.
Powered by vBulletin® Version 3.6.7
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Search Engine Optimization by vBSEO 3.0.0

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119