The prolific Storm malware is on the attack again, according to the folks at the SANS Internet Storm Center (ISC). ISC handler Lorna Hutcheson wrote on the storm center Web site that the latest email attack includes a subject line that says “You’ve received a postcard from a family member!” From there, variations of the email text are as follows (WARNING: DO NOT CLICK ON THE URLs BELOW):
Click on the following Internet address or
copy & paste it into your browser’s address box.
Copy & paste the ecard number in the “View Your Card” box at
Your ecard number is 08a823e96272575cbcxxxx
MD5 (tm.exe) = 07276fce39282fd182757d2557f9eca7 which is a downloader that gets this:
MD5 (logi.exe) = 4aa22564a0b886226d8cf14456a598ab
Here is what a user would see:
“We are currently testing a new browser feature. If you are not able to view this ecard, please click here (/ecard.exe) to view in its original format.”
From there, the ISC lists a bunch of other code variations and a long list of compromised home machines being used in the attacks.
This is just another reminder not to click emailed URLs if they don’t come from a trusted source.
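As an added illustration (not code from the ISC diary or from this article), here is a mail-triage check built only from the indicators quoted above: the subject line, the ecard-number wording, a link ending in .exe, and the two MD5 values. The function names, the sample message and its example.invalid host are assumptions constructed for the example.

```python
import hashlib
import re
from email import message_from_string

# Indicators quoted in the article above.
LURE_SUBJECT = "you've received a postcard from a family member!"
KNOWN_MD5 = {
    "07276fce39282fd182757d2557f9eca7": "tm.exe (downloader)",
    "4aa22564a0b886226d8cf14456a598ab": "logi.exe",
}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.I)

# Constructed sample; the host is a reserved placeholder, not a real indicator.
SAMPLE = (
    "Subject: You've received a postcard from a family member!\n"
    "Content-Type: text/plain; charset=utf-8\n"
    "\n"
    "Click on the following Internet address or\n"
    "copy & paste it into your browser's address box.\n"
    "http://host.example.invalid/ecard.exe\n"
    "Your ecard number is 0000000000000000\n"
)

def _norm(text):
    # Fold the typographic apostrophe so both spellings of "You've" match.
    return text.replace("\u2019", "'").strip().lower()

def triage_message(raw):
    """Return the reasons a raw RFC 822 message matches the postcard lure."""
    msg = message_from_string(raw)
    reasons = []
    if _norm(msg.get("Subject", "")) == LURE_SUBJECT:
        reasons.append("subject matches postcard lure")
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        body = payload.decode(part.get_content_charset() or "utf-8", "replace")
        if "ecard number" in _norm(body):
            reasons.append("body mentions an ecard number")
        for url in URL_RE.findall(body):
            if url.lower().split("?")[0].split("#")[0].endswith(".exe"):
                reasons.append("link to executable: " + url)
    return reasons

def match_known_md5(data):
    """Return the article's label for these bytes, or None if no match."""
    return KNOWN_MD5.get(hashlib.md5(data).hexdigest())
```

An empty list from triage_message means none of the lure's markers were found. It does not mean the message is safe, since the ISC notes other variations of the text.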