The Storm Worm-ers are keeping themselves busy, with two campaigns in less than a week, following the latest on the 4th of July. Now they are spreading rumors of a U.S. invasion of Iran:
"Just now US Army's Delta Force and U.S. Air Force have invaded Iran. Approximately 20000 soldiers crossed the border into Iran and broke down the Iran's Army resistance. The video made by US soldier was received today morning. Click on the video to see first minutes of the beginning of the World War III. God save us."
The campaign is using the following domains:
statenewsworld .com
morenewsonline .com
dailydotnews .com
dotdailynews .com
newsworldnow .com
All registered by the same individual:
ONLINE CO REANIMATOR (dfgdgf@gmail.com)
REVA 13-27 Deribaska 3565,198346 DZ Tel. +321.3568872
Sample detection rate:
iran_occupation.exe
Scanners Result: 4/33 (12.13%)
File size: 118273 bytes
MD5...: 19ab8f1dddb743c1dc2924cb61d3f877
SHA1..: e0915f377020479ba95ffed0fcb07a2b2aec72f4
Storm Worm domains used in recent campaigns, still parked on infected hosts:
The "best" is yet to come.
Related posts:
Storm Worm Hosting Pharmaceutical Scams
All You Need is Storm Worm's Love
Social Engineering and Malware
Storm Worm Switching Propagation Vectors
Storm Worm's use of Dropped Domains
Offensive Storm Worm Obfuscation
Storm Worm's Fast Flux Networks
Storm Worm's St. Valentine Campaign
Storm Worm's DDoS Attitude
Riders on the Storm Worm
The Storm Worm Malware Back in the Game
Wednesday, July 09, 2008
Storm Worm's U.S Invasion of Iran Campaign