Tuesday, August 21, 2007
 
Zhelatin/Storm changes yet again
Posted by Patrik @ 02:45 GMT

A few times over the last week we've posted on how the e-mails used by the Zhelatin/Storm gang have changed, so we weren't too surprised to see them change once again. This time though, they look very different as they talk about "you" having signed up for different services such as MP3 World or Internet Dating.

Subjects we've seen used in the e-mail messages so far are:

   Cat Lovers
   Dated Confirmation
   Internal Support
   Internal Verification
   Login Info
   Login Information
   Login Verification
   Member Confirm
   Member Details
   Member Registration
   Membership Details
   Membership Support
   New Member Confirmation
   New User Confirmation
   New User Details
   New User Letter
   New User Support
   Poker World
   Registration Confirmation
   Registration Details
   Secure Registration
   Tech Department
   Thank You For Joining
   User Info
   User Verification
   Your Member Info
   Welcome New Member
   Tech Support
   Internet Tech Support


And the senders have been:

   Bartenders guide
   Bartenders Guide
   Coolpics
   Dog lovers
   Entertaining pics
   Entertaining pros
   Fun World
   Free ringtones
   Free web tools
   Game Connect
   Internet Dating
   Job search pros
   Joke-a-day
   Mobile Fun
   MP3 world
   Net gambler
   Net-jokes
   Online hook-up
   Poker world
   Resume Hunters
   Ringtone heaven
   Web
   Web cooking
   Web connects
   Webtunes
   Wine Lovers
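
A mail-triage check built from the two lists above (an added example, not F-Secure's code). It normalises case, whitespace and RFC 2047 encoding before comparing, and treats a single header hit as "review" only, since names such as "Web" or "Tech Support" are generic; the sample messages and the `classify` and `norm` names are constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header
from email.utils import parseaddr

# Subjects and sender display names copied from the lists in this post.
SUBJECTS = (
    "Cat Lovers|Dated Confirmation|Internal Support|Internal Verification|"
    "Login Info|Login Information|Login Verification|Member Confirm|"
    "Member Details|Member Registration|Membership Details|Membership Support|"
    "New Member Confirmation|New User Confirmation|New User Details|"
    "New User Letter|New User Support|Poker World|Registration Confirmation|"
    "Registration Details|Secure Registration|Tech Department|"
    "Thank You For Joining|User Info|User Verification|Your Member Info|"
    "Welcome New Member|Tech Support|Internet Tech Support"
).split("|")
SENDERS = (
    "Bartenders guide|Bartenders Guide|Coolpics|Dog lovers|Entertaining pics|"
    "Entertaining pros|Fun World|Free ringtones|Free web tools|Game Connect|"
    "Internet Dating|Job search pros|Joke-a-day|Mobile Fun|MP3 world|"
    "Net gambler|Net-jokes|Online hook-up|Poker world|Resume Hunters|"
    "Ringtone heaven|Web|Web cooking|Web connects|Webtunes|Wine Lovers"
).split("|")

def norm(value):
    """Decode RFC 2047 encoded words, collapse whitespace, fold case."""
    text = str(make_header(decode_header(value or "")))
    return re.sub(r"\s+", " ", text).strip().casefold()

SUBJECT_SET = {norm(s) for s in SUBJECTS}
SENDER_SET = {norm(s) for s in SENDERS}

def classify(raw_message):
    """'match' if subject and sender name both hit, 'review' if one, else 'clean'."""
    msg = message_from_string(raw_message)
    display_name, _address = parseaddr(msg.get("From", ""))
    hits = (norm(msg.get("Subject")) in SUBJECT_SET) + (norm(display_name) in SENDER_SET)
    return ("clean", "review", "match")[hits]

# Constructed sample messages (not captured spam); addresses are placeholders.
SAMPLE_BOTH = 'From: "MP3 WORLD" <a@sender.example>\nSubject: login   Information\n\nbody'
SAMPLE_ONE = "From: IT Desk <b@corp.example>\nSubject: =?utf-8?q?Tech_Support?=\n\nbody"
SAMPLE_NONE = "From: Alice <c@corp.example>\nSubject: Lunch on Friday\n\nbody"

if __name__ == "__main__":
    for sample in (SAMPLE_BOTH, SAMPLE_ONE, SAMPLE_NONE):
        print(classify(sample))
```

Because the gang keeps changing its templates, exact-match lists like these date quickly and work best as one signal among several.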


The text on the website has changed a bit as well. It now says that you need a Secure Login Applet to be able to use the service, and the link points to applet.exe, which is of course the infected file.

As in previous attacks, the page also uses exploits in an attempt to automatically infect visitors when they view it – so don't do it.

UPDATE: The spam runs of these e-mail messages continue and we've updated the list of subjects and senders used. Feel free to mail us if you've seen any others that we don't have on the list. Use the e-mail address listed at the top of the page.

Thanks to everyone who has sent us updates on the subjects and senders used.




