Today, we are celebrating Halloween and malware authors want to be part of the fun. They love to disguise and they love zombies even more. To celebrate Halloween, the operators of the Storm Worm have launched a new e-mail campaign to attract users to their malicious pages and infect their systems with the latest variant of their creation. E-mails have been sent out to tens of thousands of users with a link to a dancing skeleton application. If a user clicks on the malicious links, he is presented with a web page similar to the following.
Our antivirus detects the file called halloween.exe as Win32/Nuwar.Gen worm, meaning that we have a generic signature to detect its variants. Even if this type of attack is detected and blocked by your security software, we strongly recommend never opening e-mails or following web links that were not solicited or that are coming from an untrusted source.
Author Pierre-Marc Bureau, ESET