
Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Storm Worm - It's Raining E-Cards (example from email inbox)

A lightning example of the new Storm Worm variant, taken from my in-box ... Please do not click on the numerical IP addresses found in the URL, or you will get a malware infection that is very difficult to clean.

ISC: Riding out yet Another Storm Wave
http://isc.sans.org/diary.html?storyid=3063

Email EXAMPLE OF A COPY BLOCKED FROM MY IN-BOX (message text follows)

From: "americangreetings.com" [REMOVED]
To: harry@....
Subject: You've received a postcard from a family member!
Date: Thu, 28 Jun 2007 20:40:01 -0700

 Good day.
 
 Your family member has sent you an ecard from americangreetings.com.
 Send free ecards from americangreetings.com with your choice of colors, words and music.
 
 Your ecard will be available with us for the next 30 days. If you wish to keep the ecard longer, you may save it on your computer or take a print.
 
 To view your ecard, choose from any of the following options:
 
 --------
 OPTION 1
 --------
 
 Click on the following Internet address or copy & paste it into your browser's address box.
 
 http://REMOVED/?ee7c634591933434671c16a2e59b1
 
 --------
 OPTION 2
 --------
 
 Copy & paste the ecard number in the "View Your Card" box at
 
 http://REMOVED/
 
 Your ecard number is ee7c634591933434671c16a2e59b1
 
 Best wishes,
 
 Postmaster,
 
 americangreetings.com
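As an added example (not part of the original post), the following Python filter applies the indicator the post warns about: it extracts links from the e-card message and flags any whose host is a bare numeric IP, or whose host does not belong to the domain the From: header claims. The sample message, the sender address and the 192.0.2.10 host are constructed stand-ins for the values redacted above.

```python
import re
import ipaddress
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample modelled on the e-card lure quoted in the post; the link
# host is from the TEST-NET-1 documentation range, not the real (removed) one.
SAMPLE_ECARD = """\
From: "americangreetings.com" <postmaster@americangreetings.com>
To: harry@example.com
Subject: You've received a postcard from a family member!
Date: Thu, 28 Jun 2007 20:40:01 -0700

Good day.
Your family member has sent you an ecard from americangreetings.com.
To view your ecard, click on the following Internet address:
http://192.0.2.10/?ee7c634591933434671c16a2e59b1
Or paste the ecard number in the "View Your Card" box at http://192.0.2.10/
Best wishes, Postmaster, americangreetings.com
"""

URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)


def is_ip_literal(host):
    """True when the link host is a bare IP address rather than a domain name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def flag_ecard_lure(raw_message):
    """Return (reason, url) pairs for links that look like the Storm e-card lure."""
    msg = message_from_string(raw_message)
    # Domain the message claims to come from, taken from the From: address.
    sender_domain = parseaddr(msg.get("From", ""))[1].rsplit("@", 1)[-1].lower()
    body = msg.get_payload(decode=True).decode("utf-8", "replace")
    findings = []
    for url in URL_RE.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if is_ip_literal(host):
            # The post's indicator: a greeting-card link pointing at a raw IP.
            findings.append(("ip-literal-host", url))
        elif sender_domain and host != sender_domain and not host.endswith("." + sender_domain):
            # Link host does not belong to the domain named in the From: header.
            findings.append(("host-sender-mismatch", url))
    return findings
```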
 

Comments

Dan said:

What do I do if I have clicked on the link? I didn't notice that it did anything other than bring up an error page. I have updated and run Spybot and Adware without any results.

Thanks.

# July 3, 2007 6:29 AM

Harry Waldron said:

Hi Dan - I'd suggest going to the VirusIntel site referenced below and running some of the free scans, as this is a virus rather than spyware. If you find a virus, search Google for Nuwar cleaning tools.

If you have the issue of not being able to clean a virus infection, the general advice in this link might help you right away. Most often a "virus cannot be removed" message can be resolved by cleaning in SAFE MODE:

HOW TO CLEAN A DIFFICULT VIRUS (Safe mode is the key)

forums.mcafeehelp.com/viewtopic.php

GREAT SITE FOR FREE VIRUS REMOVAL TOOLS

(see left side and ONLINE SCANNERS or FREE REMOVAL TOOLS)

www.virusintel.com/tiki-index.php

# July 3, 2007 10:21 AM

Dan said:

Thanks! I am scanning now.

# July 4, 2007 2:04 PM

Jerry said:

Safe mode to remove it? Doesn't work -- this rootkit, in safe mode, blocks access to logout to change users and blocks the top tab area of Task Manager. Tricky.

# February 15, 2008 10:20 AM