Today I looked at a Valentine's Day eCard scam, and it was like unexpectedly bumping into an old friend...
I got this URL, yourgreatlove.com (**** DON"T GO THERE!!!!! IT MIGHT BE STILL LIVE AND DANGEROUS**** ) from the the malwarebytes forum (malwarebytes.org/forums/index.php?showtopic=11109) , and given that it was valentine's day malware, I thought I'd take a closer look, and I saw this screen...
I thought "That's Storm!... Haven't seen that for ages". Now, it might well have been around and I just haven't been paying attention, and I'm pretty sure it's what most people call the Waldec botnet, but it was fun to think "Oh, I know what you are!"
They've updated their crypto and their exploit set, but they still try to trick you into downloading something if the exploits don't get you first, and here's the current exploit list that they throw, hoping something will stick ...
MS Dbg Clr
Vis Stuidio DTE
Microsoft Update Web Control
Outlook Data Object
Business Object Factory
NCT Audio File
Yahoo webcam/Messenger - June 2007
Real Player - March 2008
Creative Labs - May 2008
CA List Ctrl
Yahoo webcam - June 2007
Kingsoft update ocx - Apr 2008
MySpace uploader ocx - Feb 2008
WebEx mtg manager - Aug 2008
Of course, if they nail you, you become part of the botnet, as well as giving up your identity and bank account.
Anyway, it was a deja vu moment. These guys show a pretty fair understanding of current events, and US holidays, so the next thing we'll probably see is an Easter version, unless something newsworthy happens... disaster photos of Australian bushfires maybe?
Keep safe folks,
OFFTOPIC - REQUEST FOR HELP
My wife and son have managed to get a song in the final 15 for the annual NSAI Country Music Television awards. This is out of several thousand entries. They have two chances to win. The first is the judged portion, which is conducted by CMT.com themselves, but the second is a public vote. It's a big opportunity for them.
Their song is "I found everything" by Kate and Ben Thompson, and you can vote for them (as often as you'd like) at http://nsai.cmt.com . I've resisted the temptation to enlist a botnet :-) but would like to help them win.
Please consider voting for them, and please ask five of your friends to.
Thanks in advance