Anti Rootkit Blog

Another domain is being used to host the latest version of the Storm Worm. Millions of emails were spammed out from unsuspecting PC users enticing users to download the malware and rootkit.

If a user clicks on the link they will be shown a page like this,

If they click on the link a file called happynewyear2008.exe will be downloaded.

At this moment in time only 9 out of 32 scanners used by Virustotal can detect the current file as malware.

Here is the whois details for familypostcards2008.com with a hint of humor - registered by Larry Claus…

 Domain name:             FAMILYPOSTCARDS2008.COM
 Name Server:             ns.familypostcards2008.com 66.215.91.63
 Name Server:             ns10.familypostcards2008.com 76.112.151.191
 Name Server:             ns11.familypostcards2008.com 76.107.40.165
 Name Server:             ns12.familypostcards2008.com 193.77.249.129
 Name Server:             ns13.familypostcards2008.com 77.202.25.169
 Name Server:             ns2.familypostcards2008.com 24.210.99.223
 Name Server:             ns3.familypostcards2008.com 66.159.176.149
 Name Server:             ns4.familypostcards2008.com 67.163.236.85
 Name Server:             ns5.familypostcards2008.com 98.196.175.5
 Name Server:             ns6.familypostcards2008.com 71.200.65.128
 Name Server:             ns7.familypostcards2008.com 71.12.160.177
 Name Server:             ns8.familypostcards2008.com 72.134.39.155
 Name Server:             ns9.familypostcards2008.com 98.226.9.190
 Creation Date:           2007.12.29
 Updated Date:            2007.12.29
 Expiration Date:         2007.12.29
 Status:                  DELEGATED
 Registrant ID:           X05O1TC-RU
 Registrant Name:         Larry Claus
 Registrant Organization: Larry Claus
 Registrant Street1:      1874 str.  office 923
 Registrant City:         Los-Angeles
 Registrant State:        CA
 Registrant Postal Code:  320784
 Registrant Country:      US
 Administrative  Technical Contact
 Contact ID:              X05O1TC-RU
 Contact Name:            Larry Claus
 Contact Organization:    Larry Claus
 Contact Street1:         1874 str.  office 923
 Contact City:            Los-Angeles
 Contact State:           CA
 Contact Postal Code:     320784
 Contact Country:         US
 Contact Phone:           1 320 5216723
 Contact E-mail:          larryknower931@yahoo.com
 Registrar:               ANO Regional Network Information Center dba RU-CENTER
 Last updated on 2007.12.30 02: 15: 52 MSK/MSD

We will keep you posted as new Storm Worm domains appear.

Keep Safe,

regards

Steo - www.antirootkit.com

This entry was posted on Saturday, December 29th, 2007 at 11:49 pm and is filed under News, Underground, New Rootkits, E-Cards, peacomm, Analysis, Nuwar. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.