Storm: Now Serving Bad Medicine

January 31st, 2008 by Jake Soriano (Technical Communications)

What is Storm up to these days, you ask?

This time it seems to be sending out the following spammed email message:

Curious victims who click on the link are redirected to fraudulent pharmaceutical sites hosted on nodes in the fast-flux Storm botnet.

Trend Micro researcher David Sancho believes that the fake online pharmacy, which purports to be Canadian, has been a “customer” of Storm for many months now.

The domains involved in this spamming operation all seem to point to the same IP address, so at first glance it does not look like a fast-flux network is involved. However, the links in the spammed messages do keep changing, which makes detection harder.
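The observation above suggests pivoting on the resolved address rather than on the link itself. The following is an added example, not code from the original post or from Trend Micro: it groups spammed hostnames by the IP they resolve to and separately flags hostnames seen on many addresses. All hostnames, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample data (reserved .example names, documentation IP ranges).
SPAM_LINKS = [
    "http://pills-one.example/",
    "http://rx-two.example/order",
    "http://meds-three.example/?id=7",
    "http://flux-sample.example/",
]
# Constructed resolution history: hostname -> addresses it was seen resolving to.
RESOLUTIONS = {
    "pills-one.example": {"192.0.2.10"},
    "rx-two.example": {"192.0.2.10"},
    "meds-three.example": {"192.0.2.10"},
    "flux-sample.example": {"198.51.100.5", "198.51.100.77", "203.0.113.9"},
}

def host_of(url):
    """Lower-cased hostname of a URL, or '' if it has none."""
    return (urlsplit(url).hostname or "").lower()

def shared_ip_clusters(links, resolutions, min_hosts=2):
    """IPs that several distinct spammed hostnames resolve to."""
    clusters = defaultdict(set)
    for url in links:
        host = host_of(url)
        for ip in resolutions.get(host, ()):
            clusters[ip].add(host)
    return {ip: sorted(h) for ip, h in clusters.items() if len(h) >= min_hosts}

def many_ip_hosts(links, resolutions, min_ips=3):
    """Hostnames seen on many addresses, the pattern expected of fast flux."""
    hosts = {host_of(u) for u in links}
    return sorted(h for h in hosts if len(resolutions.get(h, ())) >= min_ips)

if __name__ == "__main__":
    for ip, hosts in shared_ip_clusters(SPAM_LINKS, RESOLUTIONS).items():
        print(f"{ip}: {len(hosts)} rotating hostnames -> {hosts}")
    print("fast-flux candidates:", many_ip_hosts(SPAM_LINKS, RESOLUTIONS))
```

A filter keyed on the shared address keeps matching when the hostname in the link changes, whereas a per-URL blocklist has to be updated for every new link.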

Sancho adds that the fraudulent pharma “company” might only be a customer of Storm’s spamming operations, but this is only speculation at this point.

The suspected intention appears to be promotion of the pharma company through the spammed email campaign.

Sancho further warns that Storm is now sending Valentine’s Day-themed messages, too, so it continues to morph.

As of this writing, the links are down and cannot be accessed (well, maybe not all of them).

As always: Users are advised to be ever cautious in clicking links in email messages.
