siljaline wrote:

<snip worthless link>

31 March 2008 22:03 GMT

April Fools Dorf
April Fools Day is an opportunity for many to play practical jokes on
each other. Unfortunately it’s not just harmless pranks, but malware
authors are also jumping on the bandwagon.

Those behind the “Dorf” malware have decided to make use of “April
Fools” day to launch another new spam/malware attack. SophosLabs spam
traps were hit hard today by many messages with varying body and
subject lines attempting to direct users to an IP based URI pointing
to machine hosting malware.

Example subject lines include:

All Fools’ Day
April Fools’ Day
Doh! All’s Fool.
Doh! April’s Fool.
Gotcha!
Gotcha! All Fool!
Gotcha! April Fool!
Happy All Fool’s Day.
Happy All Fools Day!
Happy All Fools!
Happy April Fool’s Day.
Happy April Fools Day!
Happy April Fools!
I am a Fool for your Love
Join the Laugh-A-Lot!
One who is sportively imposed upon by others on the first day of April
Surprise!
Surprise! The joke’s on you.
Today’s Joke!
Today You Can Officially Act Foolish
Wise Men Have Learned More from Fools…

While the content of the email did vary, the page itself seems to be
remaining static, and is being detected as Troj/DorfHtml-B:

Which links you to a number of different filenames (e.g.
“foolsday.exe”, “funny.exe”, “kickme.exe”) all detected as
Troj/Dorf-BA.

BrettC, SophosLabs, Canada
http://www.sophos.com/security/blog/2008/03/1251.html