Thursday, September 13, 2007

freeNFLtracker.com now in use by Storm worm

Messages just started pouring in with links to http://freeNFLtracker.com/ instead of individual IP addresses. If you can blackhole the DNS, do so immediately to prevent users from being able to resolve the domain.

There is still no exploit code in the webpage, but it probably won't be long before it is included. I'm guessing the current page is so effective at getting users to click and run that there isn't a need for automatic exploitation.

Subject: Are you ready for football season?
Body: Want to know all the stats all the time this season? Get your free NFL Season Tracker!
http://freeNFLtracker.com/

Subject: Are you ready for football season?
Body: Are you ready for tonight's game? How about the whole season? Do you have your NFL Season Tracker?
http://freeNFLtracker.com/

Subject: The season has started
Body: Know every player and every stat, with this years Real-time NFL Tracker.
http://freeNFLtracker.com/

Here's the registrar info for FREENFLTRACKER.COM. For obvious reasons, they're using a privacy service to block the real registrant info.

Registration Service Provided By: LOMTI INC.
Contact: +351.3456712

Domain Name: FREENFLTRACKER.COM

Registrant:
PrivacyProtect.org
Domain Admin (contact@privacyprotect.org)
P.O. Box 65
All Postal Mails Rejected, visit Privacyprotect.org
Monster
null,2680 AB
NL
Tel. +45.36946676

Creation Date: 13-Sep-2007
Expiration Date: 13-Sep-2008

Domain servers in listed order:
ns13.freenfltracker.com
ns12.freenfltracker.com
ns11.freenfltracker.com
ns10.freenfltracker.com
ns9.freenfltracker.com
ns8.freenfltracker.com
ns7.freenfltracker.com
ns6.freenfltracker.com
ns5.freenfltracker.com
ns4.freenfltracker.com
ns3.freenfltracker.com
ns2.freenfltracker.com
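
An added example, not part of the original post: one way to act on the blackhole advice above and then find clients that already resolved the domain. The Unbound resolver, the "time client qname qtype" log layout and the sample lines are assumptions constructed for illustration; matching is case-insensitive and covers the in-zone ns* hosts without catching look-alike names.

```python
BLOCKED_ZONES = {"freenfltracker.com"}  # the domain named in the post

def normalize(name):
    """DNS names are case-insensitive; drop the root dot and lowercase."""
    return name.strip().rstrip(".").lower()

def in_blocked_zone(qname, zones=BLOCKED_ZONES):
    """True for the zone apex or any name beneath it, matched on label boundaries."""
    q = normalize(qname)
    return any(q == z or q.endswith("." + z) for z in zones)

def unbound_rules(zones=BLOCKED_ZONES):
    """Unbound server-clause lines that answer NXDOMAIN for each whole zone."""
    return [f'local-zone: "{z}." always_nxdomain' for z in sorted(zones)]

# Constructed query-log lines in an assumed "time client qname qtype" layout.
SAMPLE_LOG = """\
2007-09-13T19:02:11 10.0.4.17 freeNFLtracker.com. A
2007-09-13T19:02:12 10.0.4.17 ns7.freenfltracker.com. A
2007-09-13T19:03:40 10.0.9.200 www.example.org. A
2007-09-13T19:05:02 10.0.2.31 FREENFLTRACKER.COM. A
2007-09-13T19:06:55 10.0.9.200 notfreenfltracker.com. A
2007-09-13T19:07:01 10.0.2.31 freenfltracker.com.example.org. A
"""

def clients_to_triage(log_text):
    """Map each client that queried a blocked zone to the names it asked for."""
    hits = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        _ts, client, qname, _qtype = fields[:4]
        if in_blocked_zone(qname):
            hits.setdefault(client, []).append(normalize(qname))
    return hits

if __name__ == "__main__":
    print("\n".join(unbound_rules()))
    for client, names in sorted(clients_to_triage(SAMPLE_LOG).items()):
        print(client, ", ".join(names))
```

Clients returned by clients_to_triage looked the domain up before or despite the block and are the ones to check first.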
