Unsubtle Storm

Today’s new wave of Storm-related spam continues the love-based theme that its senders recently started to use. Subjects include “Somebody loves you”, “I Wanna Be With You” and “I belong to you”; message bodies proclaim “My heart was stolen”, “For you…Sweetheart!”, “Fallen for you” … and the usual variations on a theme.

This time if you follow the link you get a page that looks like this:


The download link on that page points to an executable called StormCodec.exe or StormCodec8.exe, depending on whether you click the link in the text or in the image, but both were detected proactively as Troj/Dorf-BA.

The interesting thing is that the author is almost taunting users by using the common name for his malware. “You have no Storm Codec on your PC.” … no, and we hope to keep it that way.