On April Fools day, many users cast aside all precaution and gleefully open joke e-mails and attachments apparently sent both by friends and unknown parties. The criminals behind the Storm worm are exploiting this user behaviour by sending out what seems to be an April Fools e-mail. The last time the Storm worm went on the rampage was on Valentine's Day.
The e-mails have subject lines including All Fools' Day, Gotcha! April Fool!, Happy April Fool's Day. and Today's Joke!. The body of the e-mail points to a Web address consisting only of a numeric IP address. Thunderbird warns users twice in succession that the e-mail may be a phishing attack.
Detection rates for this contaminant are miserable, as is so often the case. Only AntiVir (TR/Crypt.XPACK.Gen), BitDefender (Trojan.Crypt.AP), ClamAV (Trojan.Crypted-16), Ikarus (VirTool.Win32.LDE), Sophos (Troj/Dorf-BA) and Symantec (Trojan.Peacomm) detected the contaminant when we checked this morning. Avast, AVG, Dr.Web, F-Secure, Kaspersky, McAfee, Microsoft, NOD32, Norman and Panda could not find it.
This April 1, users are advised to remember standard precautionary measures and not click on any links in e-mails from unknown parties or open any attached files that have not been requested.