NEWS FROM THE LAB - Wednesday, October 17, 2007

The New Global Storming Network Posted by Ian @ 20:32 GMT

A new Storm site advertises a networking application. That site looks like this:


However, a mere visit to the site using an unpatched system will trigger an exploit to automatically download and execute a malicious file. Patched systems are protected but only if the users do not choose to download the file (with filename krackin.exe) and execute it themselves.

The webpage is detected as Trojan-Downloader.JS.Agent.KD while the file is detected as Email-Worm.Win32.Zhelatin.KE.

This is one network you wouldn't want to join, so make sure to keep your databases updated.