Storm worm: again.by Nikola Strahija on August 7th, 2007 Remember January? "Storm worm" ... rings a bell? There's a new variant of it in the wild. Johannes Ullrich of the SANS Institute said "This is potentially a huge problem, It's basically impossible to shut this thing down...
The Storm virus is in essence a very simple worm that delivers a malicious payload. The Worm is spread via email with two attachments, an encrypted zip file and an image.
The image is the password required to un-zip the malicious payload which claims to be a patch for a new vulnerability. As the payload is hidden inside an encrypted archive, it is very difficult for anti-virus software to detect it and block the email.
Once a user is infected the computer joins a p2p network allowing files to be easily transferred to other hosts. As would be expected the machine also becomes a botnet zombie allowing full remote control of the machine. By standard, the worm spreads by emailing itself to all addresses in the victims address book.
Adam Swidler, an expert from Postini (www.postini.com), said that before Storm worm appeared daily they have been blocking around 1 million email viruses. On 24th of July they've blocked 46.2 million viruses, out of which 99% were identified containing the Storm virus.
The worrying thing is that this virus (like most) relies on user stupidity. Therefore, it has been very successfull.