Fake patch. Fake worm removal. It's a Storm Worm malware (not all malware scanners can detect it)

ISC is alerting users to e-mails that try to get recipients to download a patch.exe and, of course, users MUST NOT click on them, to avoid being infected by "Storm Worm".

I personally received 3 today:

storm

storm2

storm3

Most antivirus programs should detect it in case a user mistakenly clicks. To test my resident AV:

patch

Still, don't click on links in your email to download a "patch" or "malware removal tool" that is neither. Always download patches from the vendor's website, e.g. security updates for Microsoft products should be taken from the Windows Update website.

See the article by ISC at http://isc.sans.org/diary.html?storyid=3117; they also link to the AusCERT alert on the above: http://www.auscert.org.au/render.html?it=7813
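The advice above can also be enforced at the mail gateway. The following is an added example, not code from this post or from ISC: it extracts links from a message and flags any that point to an executable hosted outside an allowlist of vendor domains. The allowlist, the extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
import re
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumptions: allowlisted vendor download domains and risky file extensions.
VENDOR_DOMAINS = {"microsoft.com", "windowsupdate.com"}
EXECUTABLE_EXT = (".exe", ".scr", ".pif", ".bat", ".cmd", ".msi")

class LinkCollector(HTMLParser):
    """Collects href targets from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.links += [v for k, v in attrs if k == "href" and v]

def is_vendor_host(host):
    """True if host is an allowlisted domain or a subdomain of one."""
    host = (host or "").lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in VENDOR_DOMAINS)

def suspicious_links(raw_message):
    """Return links to executables that are not hosted on a vendor domain."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    urls = []
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/html":
            collector = LinkCollector()
            collector.feed(part.get_content())
            urls += collector.links
        elif ctype == "text/plain":
            urls += re.findall(r"https?://[^\s<>\"']+", part.get_content())
    return [u for u in urls
            if urlparse(u).path.lower().endswith(EXECUTABLE_EXT)
            and not is_vendor_host(urlparse(u).hostname)]

# Constructed sample message (not one of the e-mails from this post).
SAMPLE = """From: sender@example.test
To: user@example.test
Subject: Patch
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<a href="http://downloads.example.test/patch.exe">Download patch</a>
<a href="https://download.microsoft.com/placeholder/update.exe">Update</a>
<a href="http://microsoft.com.example.test/patch.exe">Patch</a>
"""
```

The third sample link shows why the host check compares whole domain labels: a lookalike host that merely starts with a vendor name is still flagged.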

Edit/Update: There was another one a few minutes ago:

storm4

patch2

Too bad, not all AV can detect the malware in it, so NO ONE should simply download it... really:

virustotal

http://www.virustotal.com/vt/en/resultadof?9fda95540945d9e4b6b5f4bc9101e591

See also the discussion at Calendar of Updates

2nd Edit/Update: Another one arrived today, and what is interesting is that this new patch.exe is very small in size compared to the above:

storm5

When I tested my resident AV, it again detected the file as infected:

patch3

But hhhmmm, VirusTotal shows that Symantec does NOT detect it? Impossible, because as you can see in the above screenshot, Norton detected it:

virustotal2 

http://www.virustotal.com/vt/en/resultadof?7d0fd63437c86796b24d476c844e0973

Anyway, it seems not all variants of Storm Worm are detected by all scanners, *unless* the VirusTotal scan engines have a problem scanning uploaded files.

Published Monday, July 09, 2007 8:45 PM by donna

Comments

Sunday, August 12, 2007 2:45 PM by Mike D

# re: Fake patch. Fake worm removal. It's a Storm Worm malware (not all malware scanners can detect it)

Shouldn't some agency in the gov't be tracking down these virus producers?  With many wars ongoing, the US has no money for technology infrastructure which is yet another infringement on our rights by the gov't.  Add it to the ever-growing list of violations:

They violate the 1st Amendment by opening mail, caging demonstrators and banning books like "America Deceived" from Amazon.

They violate the 2nd Amendment by confiscating guns during Katrina.

They violate the 4th Amendment by conducting warrant-less wiretaps.

They violate the 5th and 6th Amendment by suspending habeas corpus.

They violate the 8th Amendment by torturing.

They violate the entire Constitution by starting 2 illegal wars based on lies and on behalf of a foreign gov't.

Support Dr. Ron Paul and end this madness.

Last link (unless Google Books caves to the gov't and drops the title):

www.iuniverse.com/.../book_detail.asp

Sunday, August 12, 2007 5:40 PM by Blade

# re: Fake patch. Fake worm removal. It's a Storm Worm malware (not all malware scanners can detect it)

would it be wrong to murder people that wrote & distributed these malware programs?

sharpening the axe....