Storm Worms exploit April Fools

The miscreants behind the Storm Worm botnet have taken advantage of April Fools' day in a bid to infect more Windows PCs. Security firms are warning users to avoid the temptation to click on April Fools' day emails that may redirect them to maliciously constructed websites. The latest attempt to dupe more gullible users into …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    It's even worse when ...

    ...would-be security providers get 'stormed':

    www.offensivecomputing.net

  2. dervheid

    Ah, the joys...

    of unbridled stupidity!

    There's just no telling some people.

  3. Mike Crawshaw
    Pirate

    Wait for it...

    "These compromised PCs can then be hired out to spammers, miscreants interested in running denial of service attacks, **ADWARE DISTRIBUTORS**..."

    So, how long before Storm partners with Phorm??

    PHORMSTORM! HIJACKING A BT INTERNET COMPUTER NEAR YOU!

  4. Slaine
    Paris Hilton

    April Phools fools fools foolish for foolish April Fools

    Phisching for foolish april fools foolishly fool phorm foolers to fool foolish phorm phischers for foolish foolsday philosophic foolery. Fantastic form from Phorming fools foolishly forgetting formulated foolishness for fortnightly forum foolhardiness. Oh F*ck. Female, Fool.

  5. Matthew Anderson

    I got a few

    But what are these guys on...?

    Happy April Fool http://111.111.111.111 (ip changed) ; - )

    This is just lazy - what will they get from a million emails sent like this, 100 new infections maybe. Considering too that most of the people who received this get 5 or so daily anyway and are well aware that they should not be clicking them.

    Hell - they would be better off attaching a zip/doc/scr or whatever file and a plausible message. Either that or at least use a friggin domain name and not an IP address.

    I thought these guys were supposed to have a little intelligence about them? Or is that just hype. Seems like a wet fish to me.

  6. Elmer Phud

    New title

    The Reg could have done a bit better - with the usual convoluted titles shirley "Gullibles Travails" could have been used.

    Now, what's the Latin for 'clicker beware'?

  7. Ian Ferguson
    Happy

    Misinformed people

    My father keeps his work-from-home PC turned off for the whole of April 1st, every year - because somebody once told him that some viruses are timed to activate on this date.

    I try to patiently explain the evolution of technology to him but don't get very far. Also, because he was once told that all floppy disks and CDs have to be checked for viruses before being used on work equipment, he posts them all to head office to be checked before using them. Including blank media.

    Bless him.

  8. Michael H.F. Wilkinson Silver badge
    Coat

    @New Title

    caveat clickor ??

  9. James
    Thumb Up

    Wasn't aware of...

    ..any of this. Mail spam filters must be working a treat!

  10. James
    Alert

    @Ian

    Sounds like a plan - except keeping the PC switched off 365 (or 366) days a year would seem to be the most effective anti-virus method. Probably a damn good way of reducing stress, electricity use and a lot of other bad stuff!

  11. Kurt Baumgartner

    new variant research

    The set of Storm threats we are researching seems to be a bit dumbed down from a technical perspective -- it could be that the group originally developing it last year has backed off and new individuals have taken over. Whoever it is, the code base has changed and commodity exploit kits are no longer being used by the group.

    Also of note, Storm propagation activity was quiet over the last holiday (Easter).

    AV scan detection was close to non-existent yesterday afternoon when the threat was circulating, and it seems to be because of the major changes in the code and stripping out the exploits on their web pages. We'll continue with details http://blog.threatfire.com

    Happy April Fool's!

  12. Mr B
    Alert

    I pity you fools.

    They got the recipe in "Phishing for Dummies" section April Fools to all year round idiots.

    Any stats on the efficiency??? I'm sure, despite the low tech grade, it worked like a charm.

  13. Scott

    I got one of these...

    It said "Today, you can officially act foolish"

    Presumably by clicking on the link.

  14. Steve Sutton

    @Ian Ferguson

    Hey, you've just reminded me, it's Internet cleaning day today - must get my server brushes out ;)

    http://www.snopes.com/holidays/aprilfools/cleaning.asp

  15. b shubin
    Pirate

    Low-hanging fruit

    @ Matthew Anderson

    your optimism is unwarranted, so either you're joking, or you have not been exposed to enough end users.

    most people will click on ANYTHING, especially if they are at work, and the PC they're using is provided and supported by someone else.

  16. Anonymous Coward

    "So they simply Googled "April Fools" and used the first image that showed up"

    Lucky they didn't use the second image...

  17. Anonymous Coward
    Happy

    Suckers

    Of course people are stupid. Just look at the comments to one of today's April Fool videos on http://www.youtube.com/watch?v=UcLcn7o8v7w

  18. Matthew Anderson

    @ b shubin

    "most people will click on ANYTHING, especially if they are at work, and the PC they're using is provided and supported by someone else."

    This just is not true anymore. SOME people will click on anything, but not most. A few years ago this would have had some truth in it but now people are well used to being bombarded with spam emails laden with viruses, most have probably had several viruses and systems cleaned after some stupid "clicking" and are now very wary about what they click.

    Anyway - my point was, why send out something so mundane and uninviting as a one liner? Yes they will have gotten a few infections from it but no they will not have gotten more than a few hundred max.

    You also have to realise that the email list they used, having been harvested from the infected hosts, probably numbers in 20+ million. However, these 20+ million have now been receiving storm emails for the best part of this year and are well aware of what they shouldn't click. On top of this they did not even use dyndns to at least make the IP address a domain and look a little more realistic.

    Early this year the messages were slightly more believable, now it looks like someone with no knowledge of how best to generate mass infections is simply creating a quick http server on an infected host and sending a crappy mass spam out. All in all taking up 3 minutes of their time to create and send. This is not the same person who was clicking the send button on his bot horde earlier this year...
