New Storm attack exploits April Fool's Day

Security organizations are keeping an eye out for April Fool's-inspired attacks. The keepers of the Storm Trojan are already launching such attacks, researchers warn.

Security experts are warning computer users to beware of malware attacks timed to coincide with April Fool's Day, noting that the keepers of the Storm Trojan have already launched such attacks.

Virus coverage is poor with the samples we've captured, but we're working with the antivirus vendors to improve that.
Stephen Hall,
security researcherSANS Internet Storm Center

Researchers at Helsinki-based F-Secure Corp. said in the company blog that a new wave of April Fool's Day-related Storm mails were spammed out late Monday with a link that points to an IP address. Subject lines carry such messages as "All Fools' Day," Doh! April Fool" and "Surprise! The joke's on you." There appears to be no text in the messages, only the URL that, if clicked, downloads executable files with such names as "foolsday.exe" and "kickme.exe." The files carry the Storm Trojan.

"Virus coverage is poor with the samples we've captured, but we're working with the antivirus vendors to improve that," Stephen Hall, a handler at the Bethesda, Md.-based SANS Internet Storm Center (ISC), said in a message on the SANS ISC blog.

In a follow-up message on the ISC site, handler Joel Esler reminded people to be aware of this and other April Fool's tricks.

Controllers of the Storm botnet have a history of using holidays such as Valentine's Day and news events such as a wave of storms that swept across Europe several months ago to dupe people into opening infected emails.

Meanwhile, victims falling pray to the Pushdo Trojan aren't finding any love. Sunnyvale, Calif.-based network security vendor, Fortinet has been tracking the Pushdo, which continues to spread as a result of a successful eCard spam campaign. The eCard touts nude photographs, random female names and a fake link to relationship sites.

If the victim opens an attachment in the email, "Pushdo.EV cycles through various IP's in an attempt to establish an HTTP session where it will download a rootkit component," Fortinet said in its March threat report. The Pushdo botnet is growing larger and gaining in activity, according to Fortinet security research engineer Derek Manky.

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.