The Storm Trojan email campaign has changed direction, taking on a football theme and advertising a "game tracking system". Sample subject lines include:
Are you ready for football season?
Are you ready for some football?
Do you have your NFL Game List?
Football Fan Essentials
Football Season Is Here!
FOOTBALL! Are You ready?
Free NFL Game Tracker
Get Your Free NFL Game Tracker
NFL Game List
NFL Season Is Here!
The email body is plain text and, as usual with Storm, contains a URL link with a simple IP address:
More recently, we have also seen examples that use a domain instead of the IP address.
The use of domains is a significant development, as previous Storm emails used IP addresses almost exclusively. Successive DNS queries of this domain result in differing IP addresses being returned. The Storm gang are using their own "fast flux network" to ensure the domain resolves to a wide range of IP addresses.
If you click on the link, it will take you to a website that may attempt to exploit vulnerabilities in your browser. Again, the Storm gang have upped the ante with an elaborate fake website with an authentic-looking layout and images. The many links on this site prompt you to download the malicious Storm Trojan (also called Zhelatin); in this case the file is called 'tracker.exe'.
As before, be wary of clicking on links in any unsolicited email, and in light of these recent Storm attacks, be doubly suspicious of any links with an IP address.
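The two signals described above (a link whose host is a bare IP address, and a domain whose successive DNS answers keep changing) can be checked mechanically on a mail gateway. The following is an added example, not code from MailMarshal or SpamCensor; the thresholds, function names and sample data are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Assumed thresholds (not from the advisory); tune against your own DNS logs.
MIN_DISTINCT_IPS = 5
MIN_DISTINCT_NETS = 3  # distinct /16 networks

# Constructed sample data: documentation-range IPs and reserved .example names.
SAMPLE_BODY = ("Free NFL Game Tracker: http://192.0.2.15/ or "
               "http://flux.example/tracker, see http://stable.example/news.")
SAMPLE_DNS = {  # host -> A-record answers from successive queries
    "flux.example": [["192.0.2.10", "198.51.100.7"],
                     ["203.0.113.44", "192.0.2.91"],
                     ["198.51.100.200", "203.0.113.5"]],
    "stable.example": [["192.0.2.80"], ["192.0.2.80"], ["192.0.2.80"]],
}


def is_ip_literal(host):
    """True when the URL host is a raw IP address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def looks_fast_flux(answers):
    """True when successive answers span many IPs in several networks."""
    ips = {ipaddress.ip_address(a) for resp in answers for a in resp}
    nets = {ipaddress.ip_network(f"{ip}/16", strict=False) for ip in ips}
    return len(ips) >= MIN_DISTINCT_IPS and len(nets) >= MIN_DISTINCT_NETS


def classify_links(body, dns_history):
    """Return {url: verdict} for every link in a plain-text email body."""
    verdicts = {}
    for url in URL_RE.findall(body):
        url = url.rstrip(".,;:)!?")  # drop trailing sentence punctuation
        host = (urlsplit(url).hostname or "").lower()
        if is_ip_literal(host):
            verdicts[url] = "ip-literal"
        elif looks_fast_flux(dns_history.get(host, [])):
            verdicts[url] = "fast-flux"
        else:
            verdicts[url] = "no-signal"
    return verdicts
```

Legitimate round-robin DNS and content delivery networks also return many addresses, so treat a "fast-flux" verdict as one scoring input alongside other spam indicators rather than a block decision on its own.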
MailMarshal customers should note the current SpamCensor is detecting these messages as spam and no further action is necessary.