Storm Worm change page and name of malware (valentine.exe)

[Edgar Bangkok]

New layout for storm worm pages with random images gif and valentine.exe malware     

http://edetools.blogspot.com/2008/02/nuova-pagina-per-storm-worm-con.html


many  ip numbers list for test malware  in storm tracker site

http://www.trustedsource.org/TS?do=threats&subdo=storm_tracker


Edgar from Bangkok   

[sowhat-x]

...He,that's kind of funny - didn't knew that MDL guys also have...telepathy abilities!! 
Was doing exactly the same thing yesterday...checking the addresses from TrustedSource,
also mentioned their blog in the 'Malware Analysis Blogs' thread...

Sequencial numbering in .gifs...thanks Edgar,nice work there...as always. 
Quickly checked the domain names (not the dynamic addresses/proxies) from TrustedSource above,
the following ones are missing from the list...

ibank-halifax.com
freshcards2008.com
familypostcards2008.com
happy2008toyou.com
hohoho2008.com
merrychristmasdude.com
newyearcards2008.com
happycards2008.com
happysantacards.com
hellosanta2008.com
newyearwithlove.com
parentscards.com
ptowl.com
tibeam.com
eqcorn.com
ltbrew.com
bnably.com
wxtaste.com
snlilac.com

[Edgar Bangkok]

Today (12 feb in Bangkok Thailand)  the malware valentine.exe and file sony.exe (hosted same page) change many
Virus total dont show problem over this files ( only suspicius file from E SAFE), Report VT is empty.!!!!!!!
Only Sunbelt sandbox find file created from malware. Norman sandbox  and Anubis dont find all.

http://edetools.blogspot.com/2008/02/storm-worm-nullo-virus-total.html



Edgar from Bangkok