[nsp-sec] 112.118.131.58 hosting stormworm download.
Smith, Donald
Donald.Smith at qwest.com
Tue Jun 3 12:02:11 EDT 2008
112.118.131.58 is not showing up in whois from here.
This was being spammed out leading to a stormworm iloveyou.exe.
"Crazy in love with you hxxp://122.118.131.58/" -> stormworm (peacom).
All I saw there was an index.htm file, a gif and the malware.
Short diary about it here:
http://isc.sans.org/diary.html?storyid=4516
Security through obscurity WORKS against some worms and ssh attacks:)
Donald.Smith at qwest.com giac
H8Hz
Donald.Smith at qwest.com giac
This communication is the property of Qwest and may contain confidential or
privileged information. Unauthorized use of this communication is strictly
prohibited and may be unlawful. If you have received this communication
in error, please immediately notify the sender by reply e-mail and destroy
all copies of the communication and any attachments.
More information about the nsp-security
mailing list