SANS ISC: Internet Security | DShield SANS ISC InfoSec Forums

Anticipated Storm-Bot Attack Begins

Shortly after 0000 GMT 24-DEC-2007 reports came in indicating that the Storm Botnet was sending out another wave of attempts to enlist new members.  This version is a Christmas-themed stripshow directing victims to

The message comes in with a number of subjects:


Subject: I love this Carol!
Subject: Santa Said, HO HO HO
Subject: Christmas Email
Subject: The Perfect Christmas
Subject: Find Some Christmas Tail
Subject: Time for a little Christmas Cheer

The body is something similar to:


do you have a min?

This Christmas, we want to show you something you will really enjoy. Forget all the stress for two min and feast your eyes on these. ;-)



[the domain was interrupted for your protection]

Thanks Kevin for the initial report.

I recommend that you apply blocks on that domain ( for both outbound HTTP requests and incoming emails.

Kevin Liston (kliston -at-

Kevin Liston

ISC Handler
Dec 24th 2007
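One way to apply the subject list and the domain block at a mail gateway, as an added example that is not part of the original diary. The domain is withheld on the page, so `storm-placeholder.invalid` is a placeholder, and the function names and sample messages are constructed for illustration.

```python
import email
import re
from email.header import decode_header, make_header
# Subject lines listed in the diary entry.
STORM_SUBJECTS = ["I love this Carol!", "Santa Said, HO HO HO", "Christmas Email",
                  "The Perfect Christmas", "Find Some Christmas Tail",
                  "Time for a little Christmas Cheer"]
# Placeholder only: the real domain was withheld on the page.
BLOCKED_DOMAIN = "storm-placeholder.invalid"
_URL_HOST = re.compile(r"https?://([^/\s:<>\"']+)", re.I)

def _norm(text):
    """Lower-case and collapse whitespace so folded headers compare equal."""
    return re.sub(r"\s+", " ", text).strip().lower()
_SUBJECTS = {_norm(s) for s in STORM_SUBJECTS}

def decoded_subject(msg):
    """Subject with RFC 2047 encoded-words decoded to text."""
    return str(make_header(decode_header(msg.get("Subject", ""))))

def body_hosts(msg):
    """Host names of http(s) URLs found in the text parts of the message."""
    hosts = set()
    for part in msg.walk():
        if part.get_content_maintype() != "text":
            continue
        text = (part.get_payload(decode=True) or b"").decode("latin-1")
        hosts.update(h.lower().rstrip(".") for h in _URL_HOST.findall(text))
    return hosts

def classify(raw_bytes, blocked_domain=BLOCKED_DOMAIN):
    """Return the reasons ('subject', 'domain') a raw message should be quarantined."""
    msg = email.message_from_bytes(raw_bytes)
    reasons = []
    if _norm(decoded_subject(msg)) in _SUBJECTS:
        reasons.append("subject")
    if any(h == blocked_domain or h.endswith("." + blocked_domain) for h in body_hosts(msg)):
        reasons.append("domain")
    return reasons

# Constructed sample messages (not captured traffic).
SAMPLES = {
    "encoded": b"Subject: =?utf-8?Q?Santa_Said,_HO_HO_HO?=\r\n\r\ndo you have a min?\r\n",
    "folded": b"Subject: Time for a little\r\n Christmas Cheer\r\n\r\nhttp://www.storm-placeholder.invalid/\r\n",
    "benign": b"Subject: Re: Christmas Email\r\n\r\nSee https://example.org/\r\n",
}

if __name__ == "__main__":
    print({name: classify(raw) for name, raw in SAMPLES.items()})
```

Subjects are matched exactly after decoding and whitespace folding, so a reply such as "Re: Christmas Email" is not flagged on subject alone; the domain check covers the listed domain and its subdomains.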
