More Fake Video Codec Pages.. Trojan.Delf? Trojan.Zlob? Nope - Storm Worm!
April 8th, 2008 by Steven AdairThere’s a new round of Storm Worm e-mails going around taking advantage of our favorite technique, showing people what looks like a video and telling them they’re missing a codec to view it. Only these guys are using a rather blunt name for the files this time: StormCodec.exe and StormCodec8.exe - Not very subtle for the “Storm” Worm.
Users are lured this time by e-mail that wants them to visit the fast-flux domain “supersameas.com“. You can protect yourself and your organization at this juncture by blocking this domain. Once on the site there is a video looking image in the middle with the following message:
Download it and choose either “Open” or “Run”.
Enjoy your multimedia experience!
The video and download links point to the aforementioned files. Tip: You don’t want Storm Codec on your PC! 
Thanks to Jose from Arbor Networks for pointing out the update to me, otherwise I probably wouldn’t have noticed this until much later.
Posted in Malware, Spam, Storm Worm |
April 9th, 2008 at 12:58 pm
hello,
i downloaded that “worm”, but nothing happend, what is it supposed to do?
April 9th, 2008 at 6:25 pm
Well, if you downloaded the file but did not run it, then nothing should happen. You’d want to just delete the file. However, if you did run the file, you wouldn’t see anything. You might notice your Internet get notably slower. You’ll want to check your WINDOWS folder and your task manager for “aromis.exe” and/or “liibr.exe” running. If these are present, then you’ve infected yourself and need to look to remedy it.