Not-So "Breaking News"
The spoofed CNN and MSNBC messages from last week have altered a bit, taking on a more generic approach.
The subject of the message is still: BREAKING NEWS.
Michael has been tracking these botnets for a while, his work is available here: http://www.vivtek.com/projects/despammed/stormspam.html.
Like the others, this first stage is a downloader, still readching out to 66.199.240.138 to get the rest of the goodies. Unlike the previous waves, the first executable is named install.exe instead of adobe_flash.exe. So there's a little something different to search for in your proxy logs.
-KL
Keywords:
3 comment(s)
×
Diary Archives
Comments
Michael
Aug 18th 2008
1 decade ago
Michael
Aug 18th 2008
1 decade ago
Michael
Aug 19th 2008
1 decade ago