It's even worse when ...
...would-be security providers get 'stormed':
www.offensivecomputing.net
The miscreants behind the Storm Worm botnet have taken advantage of April Fools' day in a bid to infect more Windows PCs. Security firms are warning users to avoid the temptation to click on April Fools' day emails that may redirect them to maliciously constructed websites. The latest attempt to dupe more gullible users into …
Phisching for foolish april fools foolishly fool phorm foolers to fool foolish phorm phischers for foolish foolsday philosophic foolery. Fantastic form from Phorming fools foolishly forgetting formulated foolishness for fortnightly forum foolhardiness. Oh F*ck. Female, Fool.
But what are these guys on...?
Happy April Fool http://111.111.111.111 (ip changed) ; - )
This is just lazy - what will they get from a million emails sent like this, 100 new infections maybe? Considering too that most of the people who received this get 5 or so daily anyway and are well aware that they should not be clicking them.
Hell - they would be better off attaching a zip/doc/scr or whatever file and a plausible message. Either that or at least use a friggin domain name and not an IP address.
I thought these guys were supposed to have a little intelligence about them? Or is that just hype? Seems like a wet fish to me.
My father keeps his work-from-home PC turned off for the whole of April 1st, every year - because somebody once told him that some viruses are timed to activate on this date.
I try to patiently explain the evolution of technology to him but don't get very far. Also, because he was once told that all floppy disks and CDs have to be checked for viruses before being used on work equipment, he posts them all to head office to be checked before using them. Including blank media.
Bless him.
The set of Storm threats we are researching seems to be a bit dumbed down from a technical perspective -- it could be that the group originally developing it last year has backed off and new individuals have taken over. Whoever it is, the code base has changed and commodity exploit kits are no longer being used by the group.
Also of note, Storm propagation activity was quiet over the last holiday (Easter).
AV scan detection was close to non-existent yesterday afternoon when the threat was circulating, and it seems to be because of the major changes in the code and stripping out the exploits on their web pages. We'll continue with details at http://blog.threatfire.com
Happy April Fool's!
"most people will click on ANYTHING, especially if they are at work, and the PC they're using is provided and supported by someone else."
This just is not true anymore. SOME people will click on anything, but not most. A few years ago this would have had some truth in it but now people are well used to being bombarded with spam emails laden with viruses, most have probably had several viruses and systems cleaned after some stupid "clicking" and are now very wary about what they click.
Anyway - my point was, why send out something so mundane and uninviting as a one liner? Yes they will have gotten a few infections from it but no they will not have gotten more than a few hundred max.
You also have to realise that the email list they used, having been harvested from the infected hosts, probably numbers in 20+ million. However, these 20+ million have now been receiving Storm emails for the best part of this year and are well aware of what they shouldn't click. On top of this they did not even use dyndns to at least make the IP address a domain and look a little more realistic.
Early this year the messages were slightly more believable, now it looks like someone with no knowledge of how best to generate mass infections is simply creating a quick http server on an infected host and sending a crappy mass spam out. All in all taking up 3 minutes of their time to create and send. This is not the same person who was clicking the send button on his bot horde earlier this year...