Storm worm has landed on thousands of computers again in the form of an e-card download, the actual payload is zhelatin.pe (a variant of Storm worm) while people think they are actually downloading a recent version of Adobe Media Player. See: http://www.cisrt.org/enblog/read.php?208
Next to the Christmas-e card one is also tempted to download malware through a stripshow from Mrs. Claus. That e-mail has various topics, like for instance “Warm Up this Christmas” or “Your Secret Santa”. The link inside the message is for a website, offering an .exe file.
The domainname used has been registered via nic.ru, and being hosted on a fast-flux network consisting of minimal a 1000 nodes. Just like with other variants the malware binary is being altered every 15 minutes.
This again illustrates the fact that you can’t just click on anything sent your way.
Until this fact is instilled in the average user, there will always be an army of infected
systems to contend with.
If you didn’t ask for it or you can’t verify it’s authenticity, consider it spam regardless
who sent it to you.
I really can get excited about these new variants of an old theme, when common sense and proactive measures would stand you in good stead. We can publish this sort of this on a forums like this and it is likely to have little effect as hopefully those using this forum are already showing a degree of common sense.
Not opening attachments or clicking links in unsolicited emails without checking, checking, checking. VirusTotal, SiteAdvisor, DrWeb link checker, etc. etc.
