Users login

Create an account »

JOIN XATRIX

Users login

Home » News » Storm worm: again.

Storm worm: again.

by Nikola Strahija on August 7th, 2007 Remember January? "Storm worm" ... rings a bell? There's a new variant of it in the wild. Johannes Ullrich of the SANS Institute said "This is potentially a huge problem, It's basically impossible to shut this thing down...
Storm worm returns


The Storm virus is in essence a very simple worm that delivers a malicious payload. The Worm is spread via email with two attachments, an encrypted zip file and an image.

The image is the password required to un-zip the malicious payload which claims to be a patch for a new vulnerability. As the payload is hidden inside an encrypted archive, it is very difficult for anti-virus software to detect it and block the email.

Once a user is infected the computer joins a p2p network allowing files to be easily transferred to other hosts. As would be expected the machine also becomes a botnet zombie allowing full remote control of the machine. By standard, the worm spreads by emailing itself to all addresses in the victims address book.

Adam Swidler, an expert from Postini (www.postini.com), said that before Storm worm appeared daily they have been blocking around 1 million email viruses. On 24th of July they've blocked 46.2 million viruses, out of which 99% were identified containing the Storm virus.

The worrying thing is that this virus (like most) relies on user stupidity. Therefore, it has been very successfull.


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »