PC Tools warns latest storm threat on April Fools

Boulder, CO. 01 April 2008: Leading security software vendor, PC Tools today warns about the latest storm worm internet threat targeting computer users on April Fools Day.

"The Storm worm gang has done it again. This time emails are being circulated which are associated with the April Fool's Day theme. The email messages refer to such things as 'All Fool's Day' and contain a link that if clicked directs users to websites offering malicious downloads," says PC Tools Chief Threat Officer, Kurt Baumgartner.

The sites offer downloads such as funny.exe, ecard.exe, foolsday.exe and kickme.exe. Once the file is downloaded and executed on the computer it sets a firewall exception rule and then attempts to 'phone home' using various outgoing ports.

"This first set of steps is unusual for Storm, but is consistent in the samples we are observing, however, most concerning is the fact that the packer and major sections of executable code have changed significantly, such that it could be another variant. So much so that AV detection for this threat is close to non-existent," says Baumgartner.

PC Tools highlights this threat as using typical Malware 2.0 behavior. "This code has changed quite a bit from what we would expect from Storm. The most effective way users can protect against these new threats is with anti-malware products that use behavioral technology. Traditional AV products which use signature detection are simply not equipped with this behavioral technology and the threat is currently evading those users' defenses," cautions Baumgartner.

PC Tools notes that users continue to fall for these fairly persuasive, but now common, social engineering schemes.

"Humans are curious by nature and often this is the reason they fall for these malicious emails - a case of curiosity killed the cat," says Baumgartner.

PC Tools reminds consumers that hackers are aiming to get their malicious software on as many computer systems as possible to fulfill monetary objectives.

It is a basic numbers game, if a hacker sends out 1 million emails and 1% of those are opened and executed, that's 10,000 computers with their malicious software loaded, which within seconds could be unknowingly tracking and collecting passwords, bank details and other personal information.

"The warning is simple, always exercise caution and don't just click on random links sent to your account via email. Exercise even more caution when that random link is attempting to download a file to your system," says Baumgartner.

The solution says Baumgartner, is to "add an additional layer that offers proactive behavioral protection, such as ThreatFire, and don't just blindly trust your traditional AV product alone."

ABOUT THREATFIRE

ThreatFire uses advanced patent pending technology to detect signs of malicious behaviour commonly used by malware threats. ThreatFire is unlike traditional anti-virus products that rely on signature technology and require updating every time a new threat occurs. ThreatFire's ActiveDefence Technology is able to identify and paralyse threats that are too new or too sophisticated to be recognized by traditional security software. ThreatFire only alerts the end user to truly malicious behavior. The Free Edition can be used as a compliment to traditional security products to provide another critical layer of protection.

ABOUT PC TOOLS

PC Tools is a global software leader with a cache of security and utility products, including the multi award-winning Spyware Doctor. PC Tools is an industry leader in real-time anti-spyware and has a number of key patents pending.

The PC Tools Malware Research Centre monitors trends and emerging spyware issues and provides security solutions for the consumer and enterprise marketplace. The company is headquartered in Sydney, with offices in San Francisco, London, Shannon (Ireland), Melbourne, Kiev, and Boulder. PC Tools has a global network of distributors, resellers, and retailers.

CONTACT

Magida Ezzat, PC Tools Communications Manager
PH: +61 411 156 152
E: magida@pctools.com