For the inbound spam I received over the past several days, 100% of what used to be spam for VPXL (or its bogus new names "PowerEnlarge" or "MaxGain+") is now spam promoting hijacked websites which will attempt to infect you with the Storm worm. But the idiot who's sending it has confused his subject lines and message bodies. More on that later.
Check out this utterly retarded listing of "headlines" the criminals behind the Storm Worm want us to believe are true. (Subject line and body are in sequential order):
Subject lines:
- Even politicians need a day off
- Cheap fuel available in Texas
- Dark Knight free tickets up for grabs
- Barack Obama pulls out from Presidential Race
- Orgies discovered in Hollywood
- Baby borned with 2 privates
- Barack Obama graft trial begins
- Afghan captial in mourning
- Stray javelin kills promising US sprinter
- Charred bodies found near White House
- Obama's karma over slip of tongue
- Local family found hidden gold
- Best prediction for upcoming lottery
- Bomb scare in JFK causes delays
- Google-Yahoo merger announced
- Microsoft takes over Yahoo Inc
Message Bodies:
- Osama bin Laden spotted in Texas, vows revenge on US
- China pulls out of hosting 2008 Olympic games
- Picture of boss doing secretary
- Floods in Bahamas claims hundreds of lives
- Women love it long and hard up their love hole.
- Don't let your kids out late - 12 juveniles missing in Connecticut
- Hilary Clinton screams bloody murder over loss, vows revenge on Obama
- All the best techniques to bed a girl recordered right here.
- Tasty come is very important to women, enhance its flavor here
- She likes her kitty stretched and do you have the capability to do it?
- Dying for a flaming hottie, ram the slutty devil tills she cry foul.
- Guess the right number and win 10000
- Magic Johnson dies of AIDS at 49
- Global warming declared a hoax by US Senate
- Louis Vuitton gives out free bags to poor in New York
- Celebrity blogger reveals all
This is to the tune of several hundred messages received per day.
In every single case: these are obvious, outright lies. Not only that: they're extremely poor attempts at outright lies. I know of six-year-olds who would be far more convincing at writing this stuff.
If they genuinely wanted to pique the public's interest in actual, legitimate news (something they were trying before by referring to genuine news stories, claiming that you would be downloading a video) then maybe I wouldn't be so pissed off at receiving this crap. But if they have to stoop to outright bold-faced lies, with no care whatsoever that they be taken the slightest bit seriously, I think I have to ask: who are you idiots who keep clicking on these stupid links in these emails?! How out of touch are you, exactly?
Are you that disconnected that you seriously believe that Osama Bin Laden would actually expose himself to the media in Texas? Or that after the past year and a half of campaigning (and millions of dollars spent), Barack Obama would pull out of the US presidential race? And what legitimate news service would ever use the word "borned" in an actual headline?
Who are you people?!
Note also that in several cases this complete moron of a mailer has confused his subject lines for the Storm worm with message bodies promoting VPXL or PowerEnlarge. It's so obvious that this is the same mailer that it might as well be considered a fingerprint. And in the last case, the subject and body are identical to those for a VPXL spam message received last month. But the link is pointing to a Storm site (again: a hijacked site, which has illegally been used for this purpose).
Here's a sampling (far from complete I'm sure) of the infected servers which are being used in today's spam attacks promoting the Storm worm:
I'm omitting any mention of the target html or exe files which the Russian group has placed on all of these sites. (If you've received these messages, you know what they are already.)
In every case, the resulting page is attempting to mimic the infamous "PornTube" website, featuring what appears to be an underage nude female and several completely bogus (but still offensive) comments. It's most definitely not safe for work, and it's an unconvincing template.
Speaking of which:
If you actually were stupid enough to click on one of these links, assuming you'd be seeing news footage of "floods in the Bahamas": why on earth would you continue to allow this download to take place even after you discovered (essentially) that the site was instead pornographic?
Why are you people using a computer at all?
If you are reading this and you are the operator of one of these domains, you should be aware that the spammer behind this (or more likely his sponsor) has complete control over your server. If you're the ISP who is hosting one of these sites: you should really upgrade your systems.
You can discover a variety of methods this criminal group has used to gain full access to your web server at the following URL:
http://www.malwaredomainlist.com/forums/index.php?topic=1878.0
That research is ongoing of course.
Spammers and their supporters love to boast about how stupid Westerners are (or basically: non-Russians / non-Romanians). If you've gotten infected by knowingly clicking on links in these completely idiotic messages: you are only proving their point.
I have to ask again: Who are you people?!
Stop clicking on links within spam messages!! Whenever you do so, you are supporting known criminal organizations. Turn your computer off now.
Honestly, people...
SiL / IKS / concerned citizen