Loading
-
Storm Worm Playing Fools Day Prank
Techtree News Staff, Apr 01, 2008 1500 hrs ISTThis one's not a prank. It's for real.
While every Tom, Dick, and Harry is busy playing "April Fools Day" pranks, please take care to stop and stare at all those wannabes lest one of them (this one's for real) really gets your goat (read: computer).
Some of you might recall the deadly "Storm Worm" from last year. According to Arbor Networks, the virus has gotten groovy once again -- since yesterday -- apparently after one whole day of hard (ground) work.
This time round though, the "Storm Worm" comes with the message "Doh! April's Fool" (but naturally, it's the first of April) suffixed with a URL. If the curious 'virus victim to be' clicks on it, an Internet browser appears displaying a cartoon character. Apparently, a download is supposed to start within five seconds of the user having viewed the page. But just in case the download doesn't start, there's a message that appears at the bottom of the image -- telling you to click on another link and press "Run". And if some hapless user gets through all of this, his/her computer will automatically then install the downloaded file as: "C:\WINDOWS\aromis.exe".
This Storm botnet file will then listen on a random UDP (User Datagram Protocol) port, make a lot of outbound connections, allow itself to the firewall via 'netsh firewall set' and via the registry, use w32tm to update its clock, etc. etc. So, watch out!
Some of you might recall the deadly "Storm Worm" from last year. According to Arbor Networks, the virus has gotten groovy once again -- since yesterday -- apparently after one whole day of hard (ground) work.
This time round though, the "Storm Worm" comes with the message "Doh! April's Fool" (but naturally, it's the first of April) suffixed with a URL. If the curious 'virus victim to be' clicks on it, an Internet browser appears displaying a cartoon character. Apparently, a download is supposed to start within five seconds of the user having viewed the page. But just in case the download doesn't start, there's a message that appears at the bottom of the image -- telling you to click on another link and press "Run". And if some hapless user gets through all of this, his/her computer will automatically then install the downloaded file as: "C:\WINDOWS\aromis.exe".
This Storm botnet file will then listen on a random UDP (User Datagram Protocol) port, make a lot of outbound connections, allow itself to the firewall via 'netsh firewall set' and via the registry, use w32tm to update its clock, etc. etc. So, watch out!
Related Links
Tag keywords
Discussion Board
(1) Comments
Sandeep
,Mumbai, on Apr 02, 2008 02:35 PM
Report abuse
Opinion Poll
- Which desktop web browser do you use?
-
Internet Explorer
Firefox
Chrome
Safari
Opera
Other (specify in comments)
Poll Results View Previous Polls