A few times over the last week we've posted on how the e-mails used by the Zhelatin/Storm gang have changed, so we weren't too surprised to see them change once again. This time though, they look very different as they talk about "you" having signed up for different services such as MP3 World or Internet Dating.
Subjects we've seen used in the e-mail messages so far are:
Cat Lovers Dated Confirmation Internal Support Internal Verification Login Info Login Information Login Verification Member Confirm Member Details Member Registration Membership Details Membership Support New Member Confirmation New User Confirmation New User Details New User Letter New User Support Poker World Registration Confirmation Registration Details Secure Registration Tech Department Thank You For Joining User Info User Verification Your Member Info Welcome New Member Tech Support Internet Tech Support
And the senders have been:
Bartenders guide Bartenders Guide Coolpics Dog lovers Entertaining pics Entertaining pros Fun World Free ringtones Free web tools Game Connect Internet Dating Job search pros Joke-a-day Mobile Fun MP3 world Net gambler Net-jokes Online hook-up Poker world Resume Hunters Ringtone heaven Web Web cooking Web connects Webtunes Wine Lovers
Once someone visits the website the text has changed a bit. Now it talks about that you need a Secure Login Applet to be able to use the service and the link points to applet.exe which is of course the infected file.
Similar to previous attacks it also uses exploits in an attempt to automatically infect the user when you view the page – so don't do it.
UPDATE: The spam runs of these e-mail messages continues and we've updated the list of subjects and senders used. Feel free to mail us if you've seen any others that we don't have on the list. Use the e-mail address listed at the top of the page.
Thanks to everyone who has sent us updates on the subjects and senders used.