29 July 2008

After the US vs. Iran Dorf (Storm) spam campaign, the malware authors had taken a short break and the botnet stopped sending their regular campaigns.

Starting a week ago, the authors have renewed their attacks and published 3 campaigns within the last 8 days. On the 21st, we have seen a campaign for the new currency Amero (the North American version of Euro). On the 24th, the often-seen ?loveyou? postcards campaign was launched.

This morning (28th) at 0630 PST, the malware authors launched a FBI vs. Facebook spam campaign. A capture of the latest Dorf website is below, where the link points to the malware executable fbi_facebook.exe:

More: http://www.sophos.com/security/blog/2008/07/1599.html