0 Replies Latest reply on Apr 1, 2008 10:14 AM by HarryWaldron

    Storm Worm - April Fools version circulating

      Folks should delete these messages and avoid selecting any links, malware can be automatically and silently installed on vulnerable PCs. McAfee has added protection according to the AVERT link below

      Storm Worm - April Fools version circulating
      http://isc.sans.org/diary.html?storyid=4222
      http://www.avertlabs.com/research/blog/index.php/2008/03/31/nuwar-isnt-fooling-a round/
      http://sunbeltblog.blogspot.com/2008/03/heads-up-storm-worm-using-april-fools.ht ml
      http://blog.trendmicro.com/jokes-on-you/
      http://www.f-secure.com/weblog/archives/00001410.html
      http://asert.arbornetworks.com/2008/03/april-storms-day-campaign/

      QUOTE: Well, it's that time again. April Fools day tomorrow and prime time for those in control of the Storm botnet. Again a various list of subjects come with this release:

      All Fools' Day
      Doh! All's Fool.
      Doh! April's Fool.
      Gotcha!
      Gotcha! All Fool!
      Gotcha! April Fool!
      Happy All Fool's Day.
      Happy All Fools Day!
      Happy All Fools!
      Happy April Fool's Day.
      Happy April Fools Day!
      Happy Fools Day!
      I am a Fool for your Love
      Join the Laugh-A-Lot!
      Just You
      One who is sportively imposed upon by others on the first day of April
      Surprise!
      Surprise! The joke's on you.
      Today You Can Officially Act Foolish
      Today's Joke!

      The download is a binary, also with varying names:

      foolsday.exe
      funny.exe
      kickme.exe

      While anti-virus protection was 18% at the time of the sample, this trend will improve as AV vendors respond to this new threat.


      Storm Worm (Poor coverage by AV vendors of 18% at time of sample)
      http://www.virustotal.com/analisis/4d97cff275c54b27495081c150afb4cd