Active Storm Worm Domains - Christmas, New Year’s Campaign | Security to the Core

Posted on Wednesday, January 2nd, 2008 | Bookmark on del.icio.us

Active Storm Worm Domains - Christmas, New Year’s Campaign

by Jose Nazario

Based on a bunch of sources:
familypostcards2008.com freshcards2008.com happy2008toyou.com happycards2008.com happysantacards.com hellosanta2008.com hohoho2008.com merrychristmasdude.com newyearcards2008.com newyearwithlove.com parentscards.com postcards-2008.com santapcards.com santawishes2008.com uhavepostcard.com

All of these are worth blocking by DNS methods (become the local SOA, NXDOMAIN them) and looking for in your emails (look for a simple URL with those domain names near the end of a very short email).

Many thanks to the few dozen or so researchers working in this field to help continuously track and report on this new campaign.

UPDATE Added parentscards.com, which is now in use.

This entry was posted on Wednesday, January 2nd, 2008 at 12:15 pm and is filed under Botnets, Malware. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

Arbor Networks: Security to the Core

Active Storm Worm Domains - Christmas, New Year’s Campaign

Leave a Comment