If you’ve got kids, don’t let them download any free games today. Oh yeah, you too.
It appears that the storm gang is now shifting their focus from football fans to children. This perpetual effort is changing, but its social engineering tactics appear to remain effective.
Today, an email arrived with the offer of 1000+ free games, here is the gimmick:
Subject: 1000 free games!
Message: “1000 plus games for free… Check it out hxxp://70.xxx.xxx.x3/”
If you receive this email message, DO NOT click on the link. The web site identifies your browser (IE, Firefox, Opera) and delivers a matching and reliable exploit with multiple malicious payloads. If your browser and component plugins are fully patched, all of the images are linked to their malicious downloader “ArcadeWorld.exe”. This exe is related to the same bunch of malicious executables that no one wants on their system. We have seen variants of them since at least January (and possibly last November) from these guys — rootkits, unwanted p2p components joining your system to a botnet, downloaders for pulling down more malware, DDoS components to make your the victim’s system an attacker, and spam mailer components. DO NOT run this file.
Here is an image of the website. DO NOT visit it:
