Earlier today we saw a big increase in e-mails going around with all sorts of interesting subjects, not totally unlike the ones used by the latest Storm.
So far we've seen subjects talking about everything from White House hit by lightning, catches fire to Italy knocked out of Euro 2008 and Nokia unveils revolutionary new phone design. It's a pretty long list of different subjects — too long to list them all here so we've put them in a downloadable TXT file instead.
All of the messages contain a link to different compromised sites which contain the same fake PornTube page. Once there the page displays an error message telling the user that they need to install a Video ActiveX component. The file that gets downloaded is spam trojan that sends out lots of e-mails with links pointing back to the compromised sites.
The list of compromised sites is pretty extensive as well, we've been able to identify 74 different sites so far whereof only a handful have been fixed.
One thing that's not really normal about this case — we first saw the file that gets downloaded, video.exe, over two days ago and already added detection for it then. Why would they send spam promoting an old file? Well, we've seen malware writers do stupid things before.