In association with heise online

31 October 2007, 12:27

Stormy Halloween

The criminals behind the storm worm are using Halloween as their latest social engineering tool to infect potential victims with malware. Dancing skeletons are being used to persuade users to install an updated version of the storm worm, thereby turning their computers into components of a botnet.


Links to websites are being sent in e-mails with subject lines such as "Happy Halloween" and "Dancing Bones". The malware creators are using previously infected PCs to host websites offering users an executable called "halloween.exe," which promises dancing skeletons. The file is, however, a trojan. According to Sophos, the websites simultaneously attempt to infect computers with the malware via vulnerabilities in older browser versions.

Most anti-virus software already detects the current variant of this virus. Only Avast and Panda slip up:

Anti-virus program  Detection
------------------  ------------------------------
AntiVir             WORM/Zhelatin.Gen
Avast!              -
AVG                 Downloader.Tibs
BitDefender         Trojan.Peed.ING
ClamAV              Trojan.Peed-39
CA eTrust           Win32/Sintun.AK
Dr Web              Trojan.Packed.193
F-Secure            Email-Worm.Win32.Zhelatin.lj
Ikarus              Email-Worm.Win32.Zhelatin.lj
Kaspersky           Email-Worm.Win32.Zhelatin.lj
McAfee              Tibs-Packed trojan
Microsoft           Trojan:Win32/Tibs.EU
Nod32               Win32/Nuwar.Gen worm
Panda               -
Sophos              Mal/Behav-146
Symantec            Trojan.Packed.13

Scan results from AV-Test.

However, new, less well detected variants of this and other malware can emerge at any time. In general, users receiving Halloween greetings containing links to websites should exercise caution and should not execute the files. In addition, e-mail programs, browsers and anti-virus solutions should be kept fully up to date so that malware is not able to penetrate systems undetected through vulnerabilities in older versions. Further tips on protection from malware can be found on heise Security's anti-virus pages.
