Archive for the ‘Botnet’ Category

Feb 11
by David Sancho (Threats Analyst)

As we forecast last month, Storm is already sending its Valentine greetings this week. The owners of this powerful botnet are doing as much as possible to keep its size up. This includes spamming people with plain-text messages and getting them to click on malicious links. They may arrive looking like these two email messages: This time around, the messages are of love. The spammed messages contain a link that leads to malicious Web sites displaying one of eight ...


Feb 11
by Roderick Ordoñez (Technical Communications)

Malicious intent may be involved as malware authors use the Brazilian telecom carrier TIM in their latest scam to deliver malware. Trend Micro researchers have come across the following site, supposedly from the telecom company:

http://{BLOCKED}rfilho.sites.uol.com.br/___http://www.tim.com.br/downloads/MMS/VideoMensagens/VideoMensagem.html

The site invites the user to see a video clip sent to him/her by the video message service offered by TIM. However, the site tries to download an ActiveX component that most probably contains malicious code. The source of the downloaded file is deeply buried within ...


Feb 11
by Jake Soriano (Technical Communications)

Storm certainly served as inspiration to yet another growing botnet dubbed Mega-Dik. Speculation is afloat that this botnet could be behind the recent spam campaign that floods user inboxes with ads for male enhancements and replica watches. These spammed messages have links to Mega-Dik.com. Trend Micro Senior Threat Analyst Jamz Yaneza believes that the product MegaDik is a scam. Researchers are divided in their views regarding this botnet. Marshal reports that Mega-Dik was responsible for more than a third of ...

Posted in Botnet, Malware, Spam

Feb 10
by Jovi Umawing (Technical Communications)

Trend Micro Senior Threat Researchers Paul Ferguson, David Sancho, and Feike Hacquebord discovered a spammed email message containing a link to the fake Canadian Pharmacy Web site. Below is the email message body and screenshot of the said site that appears upon clicking the link:

Best online drugstore since 1996. Your Coupon #SQzYB. Save 86% Visit us. alaric dexter

Sancho deduced that the site rides on a fast-flux network that most likely belongs to the Storm botnet owners. "Storm has been sending ...


Feb 10
by Roderick Ordoñez (Technical Communications)

The Storm botnet may have inspired a following. TrendLabs recently came across an HTTP botnet which sends spam, and sends a report card of its spamming success as well. Compared to Storm, the botnet -- which has been dubbed the "Mayday" botnet -- has a smaller network of compromised systems, but this could be due to the fact that it is new. The botnet shows signs of using a P2P-like system for some of its routines, similar to Storm, and connects ...

Posted in Botnet, Malware


© Copyright 2008 Trend Micro Inc. All rights reserved.