|
|
02-04-2008, 06:56 PM
|
#1 |
|
Guest
Posts: n/a
|
Storm Worm Thinks You’re All April Fools!
http://www.lavasoft.com/support/secu...er/blog/?p=210
Silj -- siljaline "Arguing with anonymous strangers on the Internet is a sucker's game because they almost always turn out to be -- or to be indistinguishable from -- self-righteous sixteen-year-olds possessing infinite amounts of free time." - Neil Stephenson, _Cryptonomicon_ |
|
|
03-04-2008, 07:01 AM
|
#2 |
|
Guest
Posts: n/a
|
Re: Storm Worm Thinks You’re All April Fools!
siljaline wrote:
<snip worthless link> 31 March 2008 22:03 GMT April Fools Dorf April Fools Day is an opportunity for many to play practical jokes on each other. Unfortunately it’s not just harmless pranks, but malware authors are also jumping on the bandwagon. Those behind the “Dorf” malware have decided to make use of “April Fools” day to launch another new spam/malware attack. SophosLabs spam traps were hit hard today by many messages with varying body and subject lines attempting to direct users to an IP based URI pointing to machine hosting malware. Example subject lines include: All Fools’ Day April Fools’ Day Doh! All’s Fool. Doh! April’s Fool. Gotcha! Gotcha! All Fool! Gotcha! April Fool! Happy All Fool’s Day. Happy All Fools Day! Happy All Fools! Happy April Fool’s Day. Happy April Fools Day! Happy April Fools! I am a Fool for your Love Join the Laugh-A-Lot! One who is sportively imposed upon by others on the first day of April Surprise! Surprise! The joke’s on you. Today’s Joke! Today You Can Officially Act Foolish Wise Men Have Learned More from Fools… While the content of the email did vary, the page itself seems to be remaining static, and is being detected as Troj/DorfHtml-B: Which links you to a number of different filenames (e.g. “foolsday.exe”, “funny.exe”, “kickme.exe”) all detected as Troj/Dorf-BA. BrettC, SophosLabs, Canada http://www.sophos.com/security/blog/2008/03/1251.html |
|
|
 |
| Thread Tools | |
| Display Modes | |
|
|
Linear Mode
