We’ve spotted a new variant of a well-known threat cashing in on April Fool’s Day in the last few hours. Anyone want to hazard a guess as to what it is?
Wasn’t that hard of a question, I guess. The Storm gang is at it again.
Too lazy to actually create their own image to represent the holiday, the group simply Googled “April Fools” and used the first image that showed up. So far emails are being spammed out with the Subject Line “April Fool’s Day”, and the executables on the site are called foolsday.exe or funny.exe. However if the gang’s past behavior is any indication, these file names will change several times over the next 48 hours to similarly themed names. They’ve already added Kickme.exe in the time it took me to type this.
Needless to say, Trend Micro customers are already being protected using our Web Threat Protection technology — blocking access to the sites themselves, preventing the user from any exposure to the threat. We are also adding detection proactively for the binary files themselves.
Overall I doubt that this incident will be remembered in the same way as other classics such as the value of pi being changed to 3.0 and the hotheaded naked ice borer, but this is definately one prank you do not want to fall for.
Robert McArdle, Senior AntiVirus Specialist