Storm is not gone

On this quiet Sunday, one thing definitely worth mentioning is a new Storm campaign that was spotted in our traps about an hour ago. This time the social engineering technique combines adverts for alleged pornographic content hosted on a compromised server with a fake anti-spyware software installation.

The campaign is, as usual, seeded by a large number of email messages containing a link to the compromised web server. If the link in the Storm email is followed, a fake anti-spyware warning is displayed inside the browser window. The warning looks fairly similar to the genuine Windows alert and may entice the unsuspecting user to install the ‘free’ anti-spyware repair tool.

Soon after the initial fake warning, the download of the Trojan will be attempted.

Detection of this variant seems to be quite good across the AV industry. Sophos detects this variant proactively as Mal/EncPk-DA.