Sunday, March 29, 2009

Don't Get Fooled!

The new Storm Worm has an April Fool's Day theme. Victims receive e-mail messages containing links that direct them to Web sites that contain malware.
Once the files are downloaded and executed on the computer, the malware sets a firewall exception rule and then attempts to 'phone home' using various outgoing ports. The packer and major sections of executable code have changed significantly, indicating that it could be another variant, and AV detection for this threat is close to nonexistent.

Currently, this variant of the Storm Worm Trojan is being observed as having the following file names:
• aromis.exe
• foolsday.exe
• funny.exe
• kickme.exe

Subject lines can change at any time, but the following are currently being seen:
• All Fools' Day
• Doh! All's Fool, Doh! April's Fool
• Gotcha!, Gotcha! All Fool!, Gotcha! April Fool!
• Happy All Fool's Day, Happy All Fools Day!, Happy All Fools!
• Happy April Fool's Day, Happy April Fools Day!, Happy Fools Day!
• I am a Fool for your Love
• Join the Laugh-A-Lot!
• Just You
• One who is sportively imposed upon by others on the first day of April
• Surprise!, Surprise! The joke's on you
• Today You Can Officially Act Foolish
• Today's Joke!
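
The two lists above can be turned into a simple mail triage check. The following is an added example, not part of the original post: `normalize`, `triage` and the sample messages are constructed for illustration, and it assumes the lure link's last path segment is one of the listed file names, which the post does not state.

```python
import re
from email import message_from_string, policy

# Indicators copied from the lists in this post.
SUBJECTS = [
    "All Fools' Day", "Doh! All's Fool", "Doh! April's Fool", "Gotcha!",
    "Gotcha! All Fool!", "Gotcha! April Fool!", "Happy All Fool's Day",
    "Happy All Fools Day!", "Happy All Fools!", "Happy April Fool's Day",
    "Happy April Fools Day!", "Happy Fools Day!", "I am a Fool for your Love",
    "Join the Laugh-A-Lot!", "Just You", "Surprise!",
    "One who is sportively imposed upon by others on the first day of April",
    "Surprise! The joke's on you", "Today You Can Officially Act Foolish",
    "Today's Joke!",
]
FILE_NAMES = {"aromis.exe", "foolsday.exe", "funny.exe", "kickme.exe"}

def normalize(text):
    # Drop case, punctuation and extra spaces so apostrophe and "!" variants compare equal.
    return " ".join(re.sub(r"[^a-z0-9 ]", "", text.lower()).split())

KNOWN_SUBJECTS = {normalize(s) for s in SUBJECTS}

def triage(raw_message):
    """Return the reasons a raw RFC 5322 message matches the indicators above."""
    msg = message_from_string(raw_message, policy=policy.default)
    reasons = []
    # policy.default decodes RFC 2047 encoded words in the Subject header.
    subject = re.sub(r"^((re|fwd?):\s*)+", "", str(msg["Subject"] or "").strip(), flags=re.I)
    if normalize(subject) in KNOWN_SUBJECTS:
        reasons.append("subject")
    body = msg.get_body(preferencelist=("plain", "html"))
    for url in re.findall(r"https?://[^\s<>\"']+", body.get_content() if body else "", re.I):
        # Assumption: the link's last path segment is one of the listed file names.
        leaf = url.split("?", 1)[0].rstrip("/").rsplit("/", 1)[-1].lower()
        if leaf in FILE_NAMES:
            reasons.append("link:" + leaf)
    return reasons

# Constructed sample messages (documentation addresses, not real traffic).
SAMPLE_LURE = ("From: sender@example.com\n"
               "Subject: =?utf-8?q?Happy_April_Fool=E2=80=99s_Day!?=\n\n"
               "Open your card: http://203.0.113.5/foolsday.exe\n")
SAMPLE_CLEAN = ("From: colleague@example.com\nSubject: Quarterly report\n\n"
                "Draft is at https://example.com/report.pdf\n")

if __name__ == "__main__":
    for name, raw in (("lure", SAMPLE_LURE), ("clean", SAMPLE_CLEAN)):
        print(name, triage(raw))
```

Short subjects such as "Just You" also occur in legitimate mail, so a subject match on its own is a reason to hold a message for review; a subject match together with a link match is the stronger signal.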

The most effective way users can protect against these new threats is with anti-malware products that use behavioral technology. Traditional anti-virus products, which use signature detection, are simply not equipped with this behavioral technology, and the threat is currently evading those users' defenses.

As always, exercise caution when opening emails and surfing the internet. Don't just click on random links sent to your account via e-mail. Exercise even more caution when that random link is attempting to download a file to your system.

To protect your home Microsoft Windows computer, you should always practice the following:
• Enable Windows Update and apply all patches.
• Install anti-virus software and keep virus signature files up-to-date.
• Do not open unsolicited email.
• Do not follow unsolicited links.

If you receive this type of e-mail, you should immediately delete it.
