New Storm attack exploits April Fool's Day


Bill Brenner, Senior News Writer

Security experts are warning computer users to beware of malware attacks timed to coincide with April Fool's Day, noting that the keepers of the Storm Trojan have already launched such attacks.



Researchers at Helsinki-based F-Secure Corp. said in the company blog that a new wave of April Fool's Day-related Storm mails was spammed out late Monday with a link that points to an IP address. Subject lines carry such messages as "All Fools' Day," "Doh! April Fool" and "Surprise! The joke's on you." There appears to be no text in the messages, only the URL that, if clicked, downloads executable files with such names as "foolsday.exe" and "kickme.exe." The files carry the Storm Trojan.

"Virus coverage is poor with the samples we've captured, but we're working with the antivirus vendors to improve that," Stephen Hall, a handler at the Bethesda, Md.-based SANS Internet Storm Center (ISC), said in a message on the SANS ISC blog.
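The message shape F-Secure describes (no body text, only a link whose host is a raw IP address) can be checked at a mail gateway without relying on antivirus signatures. The following is an added example, not code from F-Secure, SANS or the article; the function names and the sample messages are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def ip_literal_urls(text):
    """Return the URLs in text whose host is a raw IPv4/IPv6 address."""
    hits = []
    for url in URL_RE.findall(text):
        try:
            ipaddress.ip_address(urlsplit(url).hostname or "")
        except ValueError:  # hostname is a DNS name, or the URL is malformed
            continue
        hits.append(url)
    return hits

def classify(raw_message):
    """Flag mail whose body is nothing but link(s) to a bare IP address."""
    msg = message_from_string(raw_message)
    part = msg
    if msg.is_multipart():  # use the first text/plain part if there is one
        part = next((p for p in msg.walk()
                     if p.get_content_type() == "text/plain"), None)
    body = ""
    if part is not None:
        payload = part.get_payload(decode=True) or b""
        body = payload.decode(part.get_content_charset() or "utf-8", "replace")
    ip_urls = ip_literal_urls(body)
    link_only = bool(ip_urls) and URL_RE.sub("", body).strip() == ""
    return {"subject": msg.get("Subject", ""), "ip_urls": ip_urls,
            "link_only": link_only, "suspicious": link_only}

# Constructed samples; 192.0.2.0/24 is the RFC 5737 documentation range.
LURE = "From: a@example.com\nSubject: All Fools' Day\n\nhttp://192.0.2.55/\n"
BENIGN = ("From: b@example.com\nSubject: Team lunch\n\n"
          "Menu is at https://intranet.example.com/menu, see you at noon.\n")
IP_WITH_TEXT = ("From: c@example.com\nSubject: Lab router\n\n"
                "The admin page is http://192.0.2.1/admin and the reset is done.\n")

if __name__ == "__main__":
    for sample in (LURE, BENIGN, IP_WITH_TEXT):
        print(classify(sample))
```

The third sample shows why the IP-literal link alone is not treated as sufficient: legitimate internal mail often links to devices by address, so only the link-only body is flagged.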

In a follow-up message on the ISC site, handler Joel Esler reminded people to be aware of this and other April Fool's tricks.

Controllers of the Storm botnet have a history of using holidays such as Valentine's Day and news events such as a wave of storms that swept across Europe several months ago to dupe people into opening infected emails.

Meanwhile, victims falling prey to the Pushdo Trojan aren't finding any love. Sunnyvale, Calif.-based network security vendor Fortinet has been tracking Pushdo, which continues to spread as a result of a successful eCard spam campaign. The eCard touts nude photographs, random female names and a fake link to relationship sites.

If the victim opens an attachment in the email, "Pushdo.EV cycles through various IP's in an attempt to establish an HTTP session where it will download a rootkit component," Fortinet said in its March threat report. The Pushdo botnet is growing larger and gaining in activity, according to Fortinet security research engineer Derek Manky.