Lousy Storm Distribution

Our users in the Czech Republic are the first to see email spam, and download and run the newest executable from the Storm campaigns.

If you arrive at a web site with “Who is loving you? Do you want to know?”, offering up “mylove.exe”, ignore it. Don’t run the file, which immediately copies “msvecurity.exe” to the windows directory, and works its standard p2p magic from there.

Interesting to note that it connects back to a chinese server on cadeaux-avenue.cn for config information.

This entry was posted in Online Fraud. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>