CONTACT US | SITEMAP
 
 
Search:
 
Home > Services > Advisories > MyCERT Advisories > 2008

MA-127.042008: MyCERT Special Alert - Malicious April Fool Emails

Original Issue Date: 2nd April 2008
Updated Issue Date: 3rd April 2008

MyCERT has been observing closely regarding the circulation of a new storm worm with an April Fool's Day theme. The April Fool spam email contains link that when clicked, will redirect users to to download a malicious program.

Based on the number of reports received, currently there is no strong evidence indicating widespred circulation of the April Fool malicious email in our constituency, however MyCERT will continue to monitor the situation.

The subject lines of the spam email include the following:
Re: Happy April Fools Day!
Re: Gotcha! April Fool!
Re: Surprise! The Joke is on You

The contents of the email is:
Today You Can Officially Act Foolish http://79.xx.xx.96
Doh! All'Fool. http://67.xx.xx.151
I am a Fool for your Love http://221.xx.xx.40

Based on our analysis, the malicious links contain 3 malicious exe files. They are:

  • funny.exe
  • kickme.exe
  • foolsday.exe

All the above files had been identified as storm worm.

Though no any exploit had been found asosciated to the email, we advise members/users to be extra cautious when receiving such emails. We advise NOT TO click on the malicious link attached in the email or delete any such emails received.

Mitigation Steps

As for preventive steps, we advise the followings:

  1. Do not click on any links attached in unknown emails, as the links may redirect to malware sites.

  2. Make sure your PCs and browsers are properly patched with latest patches.

  3. Make sure your PC is installed with latest anti-virus softwares and always updated with latest signature files.

  4. Report to CERTs/ISPs on any suspicious emails that you receive.

MyCERT can be reached for assistance at:

Tel: 03-89961901
Fax: 03-89960827
Email:
Web: http://www.mycert.org.my/report_incidents/online_form.html
Hp: 019-2665850
SMS: 019-2813801
Feedback can be directed to MyCERT.

Produced in 2 April 2008 by MyCERT, CyberSecurity Malaysia (Formerly known as NISER), an agency under the Ministry of Science, Technology and Innovation (MOSTI).

Revision History:

Revision History: 3rd April 2008
Initial Release: 2nd April 2008
   

Disclaimer | Copyright © 2009 - CyberSecurity Malaysia