this time using blogs and youtube.com as a phishing front.
The victim reads a blog and sees a link to a funny YouTube video. Who
wouldn't click that, right? The link leads not to youtube, but to a
phishing site which hand-crafts a page based on the browser and
version, putting an exploit right in there with the HTML.
How to get infected in Windows:
See an interesting blog, click the link. Presto! You've got Storm!
How to get infected in Ubuntu:
Quoted from http://www.gnu.org/fun/jokes/evilmalware.html
1. Put the attachment into the appropriate directory eg. /usr/src
2. Type `tar xvzf evilmalware.tar.gz' to extract the source files for
this virus.
3. `cd' to the directory containing the virus's source code and type
`./configure' to configure the virus for your system. If you're
using `csh' on an old version of System V, you might need to type
`sh ./configure' instead to prevent `csh' from trying to execute
`configure' itself.
4. Type `make' to compile the package. You may need to be logged in as
root to do this.
5. Optionally, type `make check_payable' to run any self-tests that come
with the virus, and send a large donation to an unnumbered Swiss bank
account.
6. Type `make install' to install the virus and any spyware, trojans
pornography, penis enlargement adverts and DDoS attacks that
come with it.
7. You may now configure your preferred malware behaviour in
/etc/evilmalware.conf .
Sometimes ease of use is not what you want...