The Storm Worm malware launched yet another spam campaign promoting links to malware serving hosts, in between a SQL injection related to Storm Worm.These are Storm Worm's latest domains where the infected hosts try to phone back :
cadeaux-avenue.cn (active)
polkerdesign.cn (active)
tellicolakerealty.cn (active and SQL injected at vulnerable sites)
Administrative Email for the three emails : glinson156 @ yahoo.com
Related DNS servers for the latest campaign :
ns.orthelike.com
ns2.orthelike.com
ns3.orthelike.com
ns4.orthelike.com
ns.likenewvideos.com
ns2.likenewvideos.com
ns3.likenewvideos.com
ns4.likenewvideos.com
Storm Worm related domains which are now down :
centerprop.cn
apartment-mall.cn
stateandfed.cn
phillipsdminc.cn
apartment-mall.cn
biggetonething.cn
gasperoblue.cn
giftapplys.cn
gribontruck.cn
ibank-halifax.com
limpodrift.cn
loveinlive.cn
newoneforyou.cn
normocock.cn
orthelike.com
supersameas.com
thingforyoutoo.cn
One of the domains that is injected as an iFrame is using ns.likenewvideos.com as DNS server, whereas likenewvideos.com is currently suspended due to "violating Spam Policy". Precisely.
Related posts:
Social Engineering and Malware
Storm Worm Switching Propagation Vectors
Storm Worm's use of Dropped Domains
Offensive Storm Worm Obfuscation
Storm Worm's Fast Flux Networks
Storm Worm's St. Valentine Campaign
Storm Worm's DDoS Attitude
Riders on the Storm Worm
The Storm Worm Malware Back in the Game
No comments:
Post a Comment