JUST LIKE last year, some people are using the Christmas theme to try to wreak havoc on your machine. Chances are that you might have received, or will receive, a nasty surprise in your mailbox designed to trick you into installing a trojan.
Since the 24th and at the time of this writing we have received about a dozen messages containing what many people are referring to as the "Merry Christmas Dude" spam message - half a dozen of those, this morning. The senders and subject lines vary, but might include "Mrs. Clause is out tonight!", "Seasons Greetings", "Christmas Email", and "Ho Ho Hos".
The message doesn't contain any payload, but rather an invitation to click on a link which leads to the www.merrychristmasdude.com web page, showing pics of scantily clad women with a Christmas theme.
The folks at the Arbor Networks security response team have a detailed report on the payload delivered from the rogue site, and identified it as a variation of the "Storm worm". According to the firm, "An infected host will drop the file C:\WINDOWS\disnisa.exe and stores the peerlist in C:\WINDOWS\disnisa.config"; then it opens a random pair of TCP/IP ports, lowers the Windows firewall settings and "After that, the usual Storm worm mayhem begins."
The domain name leads to a long list of DNS IP addresses, but since last night, the web site appears intermittently unresponsive. That did not prevent the "merry Christmas, dude" e-mail from arriving at people's mailboxes during the 25th. Quick research showed us that while the domain name's contact and administrative information points towards Toronto, Canada, the Whois information is served by whois.nic.ru in Russia, indicating the Russian domain registrar was apparently used.
Source: The Enquirer