... well, it is not a vulnerability per say but guess I should inform you guys...
These are subjects and e-mail bodies used by the worm:
E-mails contain a link to a webserver, where the user can download the malware named as funny.exe, foolsday.exe, kickme.exe.
- All Fools' Day
- Doh! All's Fool.
- Doh! April's Fool.
- Gotcha!
- Gotcha! All Fool!
- Happy All Fools Day!
- Happy All Fools!
- Happy April Fools Day
- Happy April Fool's Day
- Happy April Fools!
- I am a Fool for your Love
- Join the Laugh-A-Lot!
- One who is sportively imposed upon by others on the first day of April
- Surprise!
- Surprise! The joke's on you.
- Today You Can Officially Act Foolish
- Today's Joke!
- Wise Men Have Learned More from Fools...
After executed, the malware will create aromis.exe file under Windows directory and aromis.config, into the same directory. This last one is the configuration file used by the malware to build up the botnet.
So don't be a fool and click on an april's fool email... if you do, then you are indeed a FOOL!
0 Comments:
Subscribe to:
Post Comments (Atom)
