Several websites offer what looks like a YouTube streaming video but is actually a link to the Storm trojan. The infection vector is specially crafted and spread via love-related blogs. This time, users are required to download the so-called Storm Codec in order to view the video.
The “codec” is actually a NUWAR/Storm variant, which Trend Micro has detected as WORM_NUWAR.JQ since April 2.
The social engineering tactic of using video codecs is familiar. ZLOB Trojans became infamous because of it. The Storm gang’s attempt to venture into the codec “business” raises speculation about whether they are now in partnership with the ZLOB authors or are trying to take over ZLOB’s niche. Maybe the gang is just trying to reaffirm to their competition that they’re still the one to beat.
Users are advised to be wary when visiting Web sites or blogs, especially those that require installation or execution of files. Video files, especially those posted online, almost never require video codecs anymore, since sites that demanded them would lose much-coveted traffic to other sites.