In association with heise online

01 April 2008, 10:50

Storm worm on April Fools Day

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

On April Fools day, many users cast aside all precaution and gleefully open joke e-mails and attachments apparently sent both by friends and unknown parties. The criminals behind the Storm worm are exploiting this user behaviour by sending out what seems to be an April Fools e-mail. The last time the Storm worm went on the rampage was on Valentine's Day.

Storm worm joker for April 1st
Zoom The Storm worm promises to provide a file that will make you laugh

The e-mails have subject lines including All Fools' Day, Gotcha! April Fool!, Happy April Fool's Day. and Today's Joke!. The body of the e-mail points to a Web address consisting only of a numeric IP address. Thunderbird warns users twice in succession that the e-mail may be a phishing attack.

Detection rates for this contaminant are miserable, as is so often the case. Only AntiVir (TR/Crypt.XPACK.Gen), BitDefender (Trojan.Crypt.AP), ClamAV (Trojan.Crypted-16), Ikarus (VirTool.Win32.LDE), Sophos (Troj/Dorf-BA) and Symantec (Trojan.Peacomm) detected the contaminant when we checked this morning. Avast, AVG, Dr. Web, F-Secure, Kaspersky, McAfee, Microsoft, NOD32, Norman and Panda could not find it.

This April 1, users are advised to remember standard precautionary measures and not click on any links in e-mails from unknown parties or open any attached files that have not been requested. For more information on how to protect yourself from contaminants, see the antivirus websites at heise Security.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit