Anticipated Storm-Bot Attack Begins

Overview and Blocking Information

Shortly after 0000 GMT on 24-DEC-2007, reports came in indicating that the Storm Botnet was sending out another wave of attempts to enlist new members. This version is a Christmas-themed strip show directing victims to merrychristmasdude.com.

The message comes in with a number of subjects:

Subject: I love this Carol!
Subject: Santa Said, HO HO HO
Subject: Christmas Email
Subject: The Perfect Christmas
Subject: Find Some Christmas Tail
Subject: Time for a little Christmas Cheer

Updated subjects:
“Merry Christmas To All”
“Warm Up this Christmas”
“Mrs. Clause Is Out Tonight!”
“The Twelve Girls Of Christmas”
“Jingle Bells, Jingle Bells”
“Cold Winter Nights”

The body is something similar to:

do you have a min?



This Christmas, we want to show you something you will really enjoy. Forget all the stress for two min and feast your eyes on these. ;-)

http://merry christmasdude.com/

[the domain was interrupted for your protection]

I recommend that you apply blocks on that domain (merrychristmasdude.com) for both outbound HTTP requests and incoming emails.

[Via SANS.ORG]

Well, whoever is controlling this botnet doesn’t believe in Christmas! ;P In my previous article, "Some Important programs to prevent yourself from having viruses", I talked about how to prevent some of this. If you don’t want to get a virus or a bot, go check it out again! There are some important steps to prevent yourself from being compromised.
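One way to turn the indicators quoted above into an inbound mail check, as an added example (not code from SANS or from this post): it flags a message when its subject, sender domain or any linked host matches. The function names and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Indicators copied from the advisory text quoted in this post.
BLOCKED_DOMAIN = "merrychristmasdude.com"
CAMPAIGN_SUBJECTS = {
    "i love this carol!", "santa said, ho ho ho", "christmas email",
    "the perfect christmas", "find some christmas tail",
    "time for a little christmas cheer", "merry christmas to all",
    "warm up this christmas", "mrs. clause is out tonight!",
    "the twelve girls of christmas", "jingle bells, jingle bells",
    "cold winter nights",
}
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)

def in_blocked_domain(host):
    """True for the blocked domain itself or any subdomain of it."""
    host = host.lower().rstrip(".")
    return host == BLOCKED_DOMAIN or host.endswith("." + BLOCKED_DOMAIN)

def check_message(raw):
    """Return the reasons a raw RFC 5322 message matches this campaign."""
    msg = message_from_string(raw)
    reasons = []
    # Collapse whitespace and case so minor header variations still match.
    subject = " ".join((msg.get("Subject") or "").split()).lower()
    if subject in CAMPAIGN_SUBJECTS:
        reasons.append("subject")
    sender_host = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if in_blocked_domain(sender_host):
        reasons.append("sender")
    # Gather every text part so multipart mail is covered as well.
    body = "\n".join(
        p.get_payload(decode=True).decode("utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")
    if any(in_blocked_domain(h) for h in URL_HOST.findall(body)):
        reasons.append("url")
    return reasons

# Constructed sample messages (not captured traffic).
SAMPLE_CAMPAIGN = ("From: a@example.net\nSubject: Santa Said,  HO HO HO\n\n"
                   "do you have a min?\nhttp://merrychristmasdude.com/\n")
SAMPLE_SUBDOMAIN = ("From: x@merrychristmasdude.com\nSubject: Hello\n\n"
                    "see http://www.merrychristmasdude.com/page\n")
SAMPLE_BENIGN = ("From: b@example.org\nSubject: Christmas party\n\n"
                 "http://merrychristmasdude.com.example.org/\n")
```

The suffix match in `in_blocked_domain` is what keeps a host such as `merrychristmasdude.com.example.org` from being treated as the blocked domain while still catching its subdomains.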