New Storm, Old Song

The new Storm (the “April Fool’s” one), also known as CME-711/Peacomm/Nuwar/Zhelatin/Tibs, uses a cheap trick of dropping and loading a DLL named testdll_f.dll, where all of Storm’s functionality now resides.

Interestingly enough, ThreatExpert Memory Scanner detected and reported the new Storm with the stone-age memory signatures, as shown below:

ThreatExpert Automation was tweaked to report the new Storm in a more efficient way.

Now, the details of the peer-to-peer botnet used by this threat are listed, along with the file extensions it considers for harvesting email addresses and the email addresses it avoids touching.

For more information, please review the latest ThreatExpert report.
