 |
To print: Select File and then Print from your browser's menu
-------------------------------------------------------------- This story was printed from ZDNet Asia. --------------------------------------------------------------
|
No April Fools'--Storm worm is back
By Robert Vamosi
Tuesday, April 01 2008 10:32 AM URL: http://www.zdnetasia.com/news/security/0,39044215,62039579,00.htm Don't click on that silly April Fools' Day e-mail, says one security expert. In a blog, Arbor Networks' Jose Nazario reports that within the last 24 hours he's seeing new releases of the Storm worm designed to take advantage of the first day of April. This new spam campaign is a lure to infect new computers that will become part of the larger Storm worm botnet. The e-mail body is spartan: the words "Doh! April Fools" followed by a numeric URL. If a user clicks on that URL, the default Internet browser will open to a page with a cartoon character. A download is supposed to start within five seconds and, according to the message: "If your download does not start, click here and then press 'Run'." The compromised computer will then install the downloaded file as C:\WINDOWS\aromis.exe. Nazario reports that the botnet file opens the firewall using the netsh firewall set command, makes a lot of outbound connections, then listens on a random UDP port. This article was first published as a blog on CNET News.com. |