While testing IP addresses that had previously been known to serve Storm samples, we came across a nice surprise. Although the Storm network has not yet started to send a new wave of emails, it looks like they are in the process of setting up the sites to handle them, so expect a new wave shortly.
As can be seen in the screenshot below, the site will be using the name Krackin v1.2, so it looks that the Laughing Pyscho Kitty Cat has been put to rest (poor thing).
This time around the executable name is krakin.exe, but apart from the name change, all of the usual storm attributes are there. Upon execution, the victim will join the now infamous Storm P2P Network where their machine may be used for any number of criminal purposes. Not quite “The New Global Sharing Network” that the victim had been hoping for…
Needless to say, Trend Micro proactively detects this file as WORM_NUCRYPT.GEN.