Another holiday, another round of Storm.
This time, the gang is sending around email attachments associated with an April Fool’s Day theme.
If you click on a link in an email with an “All Fool’s Day” message, you may arrive at a site with an image like this one. DO NOT download and run the file:
The sites are offering downloads like “funny.exe”, “ecard.exe”, “foolsday.exe” and “kickme.exe”. One of the malware's first chores is to copy itself to “aromis.exe” in the c:\windows directory. Then, it sets a firewall exception rule and attempts to “phone home” on various outgoing ports. This first set of steps is unusual for Storm, but is consistent in the samples we are observing.
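One way to check a host for the firewall exception described above is to scan its rule listing for the file names in this post. This is an added example, not code from the original post; it assumes the rules were exported with `netsh advfirewall firewall show rule name=all verbose`, and the sample listing is constructed.

```python
import ntpath

# File names taken from the post: the lure downloads and the installed copy.
LURE_NAMES = {"funny.exe", "ecard.exe", "foolsday.exe", "kickme.exe"}
DROPPED_NAME = "aromis.exe"

# Constructed sample shaped like netsh advfirewall output (assumed source),
# trimmed to the fields this check reads.
SAMPLE_RULES = r"""
Rule Name:                            Remote Assistance
----------------------------------------------------------------------
Program:                              C:\Windows\system32\msra.exe
Action:                               Allow

Rule Name:                            aromis
----------------------------------------------------------------------
Program:                              C:\WINDOWS\aromis.exe
Action:                               Allow

Rule Name:                            ecard
----------------------------------------------------------------------
Program:                              C:\Users\test\Downloads\ecard.exe
Action:                               Allow
"""

def parse_rules(text):
    """Split the listing into one dict of field -> value per rule."""
    rules = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue  # separator or blank line
        if key.strip() == "Rule Name":
            rules.append({})
        if rules:
            rules[-1][key.strip()] = value.strip()
    return rules

def suspicious_rules(text, windir=r"C:\Windows"):
    """Return (rule name, program) for allow rules matching the post's names."""
    hits = []
    for rule in parse_rules(text):
        program = ntpath.normpath(rule.get("Program", ""))
        name = ntpath.basename(program).lower()
        # The installed copy counts only when it sits directly in the Windows directory.
        dropped = name == DROPPED_NAME and ntpath.dirname(program).lower() == windir.lower()
        if rule.get("Action") == "Allow" and (dropped or name in LURE_NAMES):
            hits.append((rule["Rule Name"], program))
    return hits
```

A file-name match is only a triage signal, since the names are trivially changed between samples; treat a hit as a reason to examine the host, not as proof of infection.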
Always exercise caution and do not just click on random links sent to your account via email. Exercise even more caution when that random link is attempting to provide an executable to your system!