April Fool's Day Warning, And Some Fun
This post has been updated. Please read through to the end.
The cyber criminal(s) behind the Storm worm want to make an April Fool out of you today.
The Storm worm author(s) likes to use holidays and other notable calendar occasions to launch new attacks. True to form, new versions of the Storm worm were blasted out yesterday as links in an e-mail that included a taunting image of an idiot in a fool's costume wearing a "kick me" sign. Anyone foolish enough to follow the embedded directions telling recipients to "click here, if your download doesn't start in 5 seconds," will hand their PC over to the bad guys.
The security news on this first day of April isn't all hackers and viruses. In fact, you'd do well not to take anything you read online today too seriously. Below are a few of the more entertaining fake security news stories spotted so far today (hat tip to the SANS Internet Storm Center).
F-Secure: A new Trojan horse program that actually deposits money into your bank account.
Google: Introducing "Gmail Custom Time." Didn't send that presentation on time? No problemo! Now you can back-date your G-mail messages.
NASA: Giant Space Station Robot Turns on Crew (image).
Update, 3:45 p.m. ET: Remember how I warned not to take anything you read online seriously today? Looks like Security Fix may be the April Fool, here. I was just now cruising down the list of some security sites I hadn't visited in a few days when I landed at the site for OffensiveComputing.net, a security research blog that features some interesting news about the latest malware (it also includes live malware samples, so visit at your own risk). After I clicked on the bookmark for the site, I noticed that their homepage had been changed to feature the fool graphic pictured in the post above. Five seconds later I received a prompt to download an executable file, "funny.exe". A scan of the downloaded file against 30-some-odd virus scanners at VirusTotal.com produced zero hits. One security professional that I asked to reverse engineer the executable found a text string in the file that points to a Rick Astley video on Youtube.com. Looks like we got "Rick Rolled". I'm officially calling hoax here, but I'm still waiting to confirm with OffensiveComputing.
Update, 4:46 p.m. ET: Okay. April Fools Day Storm worm is real. But the code offered by SecureComputing.net is a joke. Well, that was good for laughs. Thanks guys.
April 1, 2008; 1:50 PM ET
Categories: Fraud , From the Bunker , Safety Tips
Save & Share: Previous: Cyber Attacks on the Campaign Trail
Next: 8.3 Million Records Spilled in Data Breaches This Year
Posted by: Harry K | April 1, 2008 3:18 PM | Report abuse
Posted by: Lon | April 1, 2008 3:19 PM | Report abuse
Posted by: Amos | April 1, 2008 4:48 PM | Report abuse
Posted by: J. Warren | April 1, 2008 5:15 PM | Report abuse
Posted by: aeschylus | April 1, 2008 11:34 PM | Report abuse
Posted by: Sam Milby | April 3, 2008 12:14 PM | Report abuse
Posted by: Bryan Adams | April 15, 2008 12:39 PM | Report abuse
Posted by: Bryan Adams | April 15, 2008 12:40 PM | Report abuse
The comments to this entry are closed.