I'n Blog 之萬象真藏

A few times over the last week we've posted on how the e-mails used by the Zhelatin/Storm gang have changed, so we weren't too surprised to see them change once again. This time though, they look very different as they talk about "you" having signed up for different services such as MP3 World or Internet Dating.

Subjects we've seen used in the e-mail messages so far are:

   Cat Lovers
   Member Details
   Membership Support
   New Member Confirmation
   Poker World
   Tech Department

Once someone visits the website the text has changed a bit. Now it talks about that you need a Secure Login Applet to be able to use the service and the link points to applet.exe which is of course the infected file.

Similar to previous attacks it also uses exploits in an attempt to automatically infect the user when you view the page – so don't do it.

Thanks to 'ew' and Ryan for updates on the subjects used.