All You Need is Storm Worm's Love

The Storm Worm malware launched yet another spam campaign promoting links to malware serving hosts, in between a SQL injection related to Storm Worm.

These are Storm Worm’s latest domains where the infected hosts try to phone back : (active) (active) (active and SQL injected at vulnerable sites)
Administrative Email for the three emails : glinson156 @

Related DNS servers for the latest campaign :

Storm Worm related domains which are now down :

One of the domains that is injected as an iFrame is using as DNS server, whereas is currently suspended due to “violating Spam Policy”. Precisely.

Related posts:
Social Engineering and Malware
Storm Worm Switching Propagation Vectors
Storm Worm’s use of Dropped Domains
Offensive Storm Worm Obfuscation
Storm Worm’s Fast Flux Networks
Storm Worm’s St. Valentine Campaign
Storm Worm’s DDoS Attitude
Riders on the Storm Worm
The Storm Worm Malware Back in the Game

Author: Dancho Danchev

Leave a Reply

Your email address will not be published. Required fields are marked *