The Storm Worm malware launched yet another spam campaign promoting links to malware serving hosts, in between a SQL injection related to Storm Worm.
These are Storm Worm’s latest domains where the infected hosts try to phone back :
tellicolakerealty.cn (active and SQL injected at vulnerable sites)
Administrative Email for the three emails : glinson156 @ yahoo.com
Related DNS servers for the latest campaign :
Storm Worm related domains which are now down :
One of the domains that is injected as an iFrame is using ns.likenewvideos.com as DNS server, whereas likenewvideos.com is currently suspended due to “violating Spam Policy”. Precisely.
Social Engineering and Malware
Storm Worm Switching Propagation Vectors
Storm Worm’s use of Dropped Domains
Offensive Storm Worm Obfuscation
Storm Worm’s Fast Flux Networks
Storm Worm’s St. Valentine Campaign
Storm Worm’s DDoS Attitude
Riders on the Storm Worm
The Storm Worm Malware Back in the Game