Anti Virus Softwares

  • Subscribe to our RSS feed.
  • Twitter
  • StumbleUpon
  • Reddit
  • Facebook
  • Digg

Tuesday, 29 July 2008

FBI & Facebook: Storm Worm gets it all wrong!

Posted on 08:57 by Unknown
The newest version of Storm is out again . . . this time making claims about the FBI and Facebook.

The virus-laden website looks like this:



The subjects of the spam email messages, according to UAB's Spam Data mine, include:

F.B.I. agents patrol Facebook
F.B.I. busts alleged Facebook
F.B.I. Facebook Records
F.B.I. Looks Into Facebook
F.B.I. may strike Facebook
F.B.I. on the Hunt for Facebook users
F.B.I. tries to fight Facebook
F.B.I. wants instant access to Facebook
F.B.I. Watching Hezbollah in Facebook
F.B.I. Watching Possible Terrorists on Facebook
F.B.I. watching us
F.B.I. watching you
Facebook Coming Under F.B.I. Scrutiny
Facebook Coming Under FBI Scrutiny
Facebook's F.B.I. ties
Facebook's FBI ties
FBI bypasses Facebook to nail you
FBI can watch our conversation through Facebook
FBI Facebook Crime Survey
FBI Facebook Records
FBI Looks Into Facebook
FBI may strike Facebook
FBI on the Hunt for Facebook users
FBI tries to fight Facebook
FBI wants instant access to Facebook
FBI Watching Hezbollah in Facebook
FBI Watching Possible Terrorists on Facebook
Get Facebook's F.B.I. Files
Get Facebook's FBI Files
The F.B.I. has a new way of tracking Facebook

Although the earliest versions of the spam pointed to websites by their domain name, including:

CAUTION! VIRUS SITES BELOW!



http://BestValueNews.com/
http://CompanyNewsNetwork.com/
http://FedNewsWorld.com/
http://GoodNewsGames.com/
http://SmartNewsRadio.com/
http://StockLowNews.com/
http://ToplessDailyNews.com/
http://ToplessNewsRadio.com/
http://WapDailyNews.com/

The most recent versions used an IP address instead, such as:

http://24.12.169.217/ Comcast (Chicago)
http://24.152.149.120/ Earthlink
http://24.207.187.180/ Charter Cable
http://64.53.204.29/ WideOpenWest (Naperville, Illinois)
http://67.33.128.195/ AT&T (Atlanta)
http://67.36.183.52/ AT&T (Chicago)
http://68.191.113.190/ Charter Cable
http://68.23.168.178/ AT&T (Chicago)
http://68.51.193.78/ Comcast (Savannah, GA)
http://69.154.54.244/ AT&T (Texas)
http://69.246.107.179/ Comcast (Michigan)
http://70.121.49.136/ Road Runner
http://75.48.238.18/ AT&T (Kalamazoo, Michigan)
http://75.72.106.94/ Comcast (Minnesota)
http://166.82.171.132/ Windstream (Little Rock, Arkansas)
http://208.104.248.17/ Rock Hill Telephone Company (Rock Hill, SC)
http://208.126.51.68/ Butler-Bremer Mutual Telephone (netINS, Inc)

As with most emerging viruses, coverage for this malware in the anti-virus community is quite pathetic at the moment. They will certainly catch up soon, but the current scan at VirusTotal revealed only SIX of Thirty-Three AV products could detect this virus. Detection was not present for any of the leading AV products, including McAfee, Symantec, and Trend Micro. Microsoft also fails to detect at this time.
Email ThisBlogThis!Share to XShare to FacebookShare to Pinterest
Posted in | No comments
Newer Post Older Post Home

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Popular Posts

  • From Russia, With Love . . . new Postcard spam spies on your PC
    Isn't it nice to have friends who send you postcards? The UAB Spam Data Mine is especially fortunate in that way. Beginning the evenin...
  • Happy New Year! Here's a Virus! (New Year's Postcard malware)
    I've been busy this week looking at the various defacements (see ComputerWorld , and ABC News ) and other cyber attacks (see yesterday...
  • ACH Spammer switches to Shortened URLs
    For many weeks now the spammers behind one particular malware family have been fighting a running battle to keep their malware-hosting domai...
  • Tempting Photo Attachments Lead to Fake AV
    One of today's largest malicious spam campaigns continued an occasional theme we've been seeing for a few weeks. A subject line, fo...
  • Indictments reveal $77 Million in Illegal Pill Sales
    Congratulations to the Daytona Beach FBI, US Attorney Robert O'Neill, and their colleagues at IRS and FDA. The Daytona Beach News report...
  • Most Dangerous Cities for Cyber Crime?
    Symantec Riskiest Cybercrime Cities Symantec released a study today in conjunction with Sperling's Best Places today. According to thei...
  • Morocco based "Team Evil" reroutes prominent Israeli websites
    After more than 10,000 websites being defaced in protest of Israeli actions in Gaza, Morrocco-based defacement team "Team Evil" ha...
  • Minipost: Google v. Pacific WebWorks
    I blogged recently about the "Google Jobs" scammers who were abusing Twitter, Blogspot, Google Reader, and spaces.live.com by crea...
  • New Year's Waledac Card
    We haven't seen a new version of Waledac since Independence Day (July 4, 2009), but it looks like its back! I'm on vacation today, s...
  • WIRED: November Jargon Watch & Forensics?
    One of my NASA buddies (hi, Lisa!) dropped by last week for coffee and to catch up on the world of information management. When I introduce...

Categories

  • Blogs
  • Calendar
  • china
  • Communities
  • computer security careers
  • conficker
  • cyberwar
  • digital certificates
  • Drivers
  • email
  • Excel 2007
  • facebook
  • fake av
  • Features
  • Firewall
  • Gadgets
  • gumblar
  • Hardware
  • Hotmail
  • IE7
  • Internet Explorer 7
  • koobface
  • law enforcement
  • malware
  • Microsoft
  • Outlook
  • pharmaceuticals
  • phishing
  • PowerPoint 2007
  • public policy
  • Ready Boost
  • ReadyBoost
  • Security
  • Sidebar
  • Software
  • spam
  • Tutorials
  • twitter
  • twitter malware
  • USB
  • Virtual PC
  • Vista
  • waledac
  • Wallpaper
  • Websites
  • Windows
  • Windows Live
  • Windows Vista
  • Word 2007
  • zbot

Blog Archive

  • ►  2013 (17)
    • ►  November (1)
    • ►  October (1)
    • ►  September (1)
    • ►  August (3)
    • ►  July (1)
    • ►  June (1)
    • ►  May (5)
    • ►  April (3)
    • ►  March (1)
  • ►  2012 (18)
    • ►  August (1)
    • ►  June (1)
    • ►  May (7)
    • ►  April (2)
    • ►  March (7)
  • ►  2011 (28)
    • ►  November (3)
    • ►  October (1)
    • ►  August (4)
    • ►  July (6)
    • ►  June (1)
    • ►  May (2)
    • ►  April (2)
    • ►  March (6)
    • ►  February (1)
    • ►  January (2)
  • ►  2010 (80)
    • ►  December (6)
    • ►  November (10)
    • ►  October (6)
    • ►  September (12)
    • ►  August (5)
    • ►  July (4)
    • ►  June (11)
    • ►  April (7)
    • ►  March (8)
    • ►  February (4)
    • ►  January (7)
  • ►  2009 (93)
    • ►  December (12)
    • ►  November (11)
    • ►  October (16)
    • ►  September (7)
    • ►  July (5)
    • ►  June (10)
    • ►  May (2)
    • ►  April (7)
    • ►  March (7)
    • ►  February (6)
    • ►  January (10)
  • ▼  2008 (109)
    • ►  December (7)
    • ►  November (17)
    • ►  October (12)
    • ►  September (10)
    • ►  August (23)
    • ▼  July (14)
      • FBI & Facebook: Storm Worm gets it all wrong!
      • To Understand the War on Terror: Read This
      • Vista Security Features
      • Top News in Spam = Old News
      • Two Spammers Doing Time and One That Got Away
      • Amero to Replace Dollar? Could Storm Worm Be Right?
      • News Headlines Still Out of Control
      • Russian Cybercrooks, CoreFlood, and the Amazing Jo...
      • 22 More Romanians meet The Long Arm of the Law
      • Nuwar Looks for News Readers?
      • Windows Mail & Calendar
      • Storm Worm Salutes Our Nation on the 4th!
      • 7-11 ATM Hackers (?) - More details
      • July Storm Worm gives us some Love
    • ►  June (3)
    • ►  May (8)
    • ►  April (6)
    • ►  March (2)
    • ►  February (3)
    • ►  January (4)
  • ►  2007 (37)
    • ►  December (3)
    • ►  November (9)
    • ►  October (3)
    • ►  September (2)
    • ►  August (5)
    • ►  July (5)
    • ►  April (2)
    • ►  March (2)
    • ►  February (2)
    • ►  January (4)
  • ►  2006 (5)
    • ►  December (2)
    • ►  October (3)
Powered by Blogger.

About Me

Unknown
View my complete profile