Stormy Halloween
The criminals behind the Storm worm are using Halloween as their latest social engineering tool to infect potential victims with malware. Dancing skeletons are being used to persuade users to install an updated version of the Storm worm, thereby turning their computers into components of a botnet.
Links to websites are being sent in e-mails with subject lines such as "Happy Halloween" and "Dancing Bones". The malware creators are using previously infected PCs to host websites offering users an executable called "halloween.exe," which promises dancing skeletons. The file is, however, a trojan. According to Sophos, the websites simultaneously attempt to infect computers with the malware via vulnerabilities in older browser versions.
Most anti-virus software already detects the current variant of this virus. Only Avast and Panda slip up:
Anti-virus program | Detection |
---|---|
AntiVir | WORM/Zhelatin.Gen |
Avast! | - |
AVG | Downloader.Tibs |
BitDefender | Trojan.Peed.ING |
ClamAV | Trojan.Peed-39 |
CA eTrust | Win32/Sintun.AK |
Dr Web | Trojan.Packed.193 |
F-Secure | Email-Worm.Win32.Zhelatin.lj |
Ikarus | Email-Worm.Win32.Zhelatin.lj |
Kaspersky | Email-Worm.Win32.Zhelatin.lj |
McAfee | Tibs-Packed trojan |
Microsoft | Trojan:Win32/Tibs.EU |
Nod32 | Win32/Nuwar.Gen worm |
Panda | - |
Sophos | Mal/Behav-146 |
Symantec | Trojan.Packed.13 |
Trend Micro | WORM_ZHELATI.AXD |
However, new, less well detected variants of this and other malware can emerge at any time. In general, users receiving Halloween greetings containing links to websites should exercise caution and should not execute the files. In addition, e-mail programs, browsers and anti-virus solutions should be kept fully up to date so that malware is not able to penetrate systems undetected through vulnerabilities in older versions. Further tips on protection from malware can be found on heise Security's anti-virus pages.
See also:
- Happy HallowEcard, warning from Sophos
- Weather Report For Halloween: High chances of a Storm?, warning from Trend Micro
(mba)