Storm is not gone

On this quiet Sunday, one thing definitely worth mentioning is a new Storm campaign that was spotted in our traps about an hour ago. This time the social engineering technique combines adverts for alleged pornographic content hosted on a compromised server with a fake anti-spyware software installation.

The campaign is, as usual, seeded by a large number of email messages containing a link to the compromised web server. If the link in the Storm email is followed, a fake anti-spyware warning is displayed inside the browser window. The warning looks fairly similar to the genuine Windows alert and may entice an unsuspecting user to install the ‘free’ anti-spyware repair tool.

Soon after the initial fake warning, the download of the Trojan will be attempted.


Detection of this variant seems to be quite good throughout the AV industry. Sophos detects this variant proactively as Mal/EncPk-DA.