
Defense in Depth

March 31, 2008 1:56 PM PDT

No April Fools'--Storm worm is back

by Robert Vamosi
(Credit: Jose Nazario, Arbor Networks)

Don't click on that silly April Fools' Day e-mail, says one security expert.

In a blog, Arbor Networks' Jose Nazario reports that within the last 24 hours he's seeing new releases of the Storm worm designed to take advantage of the first day of April. This new spam campaign is a lure to infect new computers that will become part of the larger Storm worm botnet.

The e-mail body is spartan: the words "Doh! April Fools" followed by a numeric URL. If a user clicks on that URL, the default Internet browser will open to a page with a cartoon character. A download is supposed to start within five seconds and, according to the message, "If your download does not start, click here and then press 'Run.'"

The compromised computer will then install the downloaded file as C:\WINDOWS\aromis.exe. Nazario reports that the botnet file opens the firewall using the netsh firewall set command, makes a lot of outbound connections, then listens on a random UDP port.

February 14, 2008 1:03 PM PST

From Storm, with love

by Robert Vamosi

The FBI is warning that Valentine's Day e-mails you see this year might be coming not from loved ones, but from the Storm worm botnet. In a press release Tuesday, the FBI warns users to be on the lookout for e-mail that "directs the recipient to click on a link to retrieve the electronic greeting card (e-card). Once the user clicks on the link, malware is downloaded to the Internet-connected device and causes it to become infected and part of the Storm worm botnet."

Dr. Jose Nazario of Arbor Networks said the authors of Storm have launched a carefully orchestrated series of lure campaigns to bring new members into the network. One of them is Valentine's Day-themed. Nazario said the creators of Storm have in recent weeks "grown the network by as much as 50 percent."

Nazario blamed fresh spam and incomplete antivirus protection on users' desktops for the new botnet infections.

"Generally speaking, when you only have something like 25 percent or less who are updated with the current patches and Best Practices in AV software, it doesn't really matter. You can be caught up with the latest AV fix, but if other people aren't really applying it, it doesn't really matter."

If you don't have antivirus protection, get some. See CNET's latest antivirus performance test results here. If you already have an antivirus product installed, make sure your subscription and the data files are both up to date.


About Defense in Depth

Covering computer viruses and computer crime, Robert Vamosi goes beyond the hype to provide you with expert interviews of the top security researchers, as well as offering the hands-on, nontechnical advice you'll need to stay safe online.
