Re: Odd tor spam - Storm Worm
Good write-up of the Tor storm worm variant at the F-Secure blog
http://www.f-secure.com/weblog/#00001272
For those not tracking the storm worm... this has been one of the
most prolific worms of recent months. It's the same thing behind the
fake YouTube emails, e-greeting card infections and the various
"account confirmation" attacks (e.g. online gambling account
confirmation), etc.
More about storm
http://en.wikipedia.org/wiki/Storm_Worm
http://it.slashdot.org/it/07/08/26/1558245.shtml
hi all,
I've just received a really odd spam which tries to "educate" to the use of
tor as an attack vector.
Here's the body of the mail (turn off javascript before trying to visit
that link ;-) ):
-8<-8<-8<-
Do you trade files online? Then they will come after you. Read the news on
RIAA and what they are doing to everyone they find. Tor will keep them
from finding you. Keep the internet private and down load our program for
free. <a
href="http://69.255.111.145/">Download Tor</a>
-8<-8<-8<-
A quick "strings" on their version of tor.exe shows something like
"RealShellExecuteA" and similar stuff.