Malicious Website / Malicious Code: Storm Tactics Change, Fake NFL Site

September 13, 2007

Websense Security LabsTM has received several reports of a new Web site that is being distributed in spam that is being sent out by those running the Storm attacks. For more details on the Storm attack (http://www.websense.com/securitylabs/blog/blog.php?BlogID=141).


This site poses as an NFL Web site and includes statistics from last weeks games. The statistics are from last week's games and appear to be accurate. No exploit is on the site itself. However, when users click any of the URLs, they are prompted to download and run a file called "nflseasontracker.com." This file contains the Storm payload code.


The site was up and running the time of this alert.


Sample email text:

Get on top of tonight's game with your FREE NFL Season tracker!
http://removed/


Web site screenshot:

More: http://www.websense.com/securitylabs/alerts/alert.php?AlertID=805