Notorious Storm Worm Still Alive
According to the security experts from the Internet security firm Computer Associates (CA), the notorious Storm Worm is back from the dead, as reported by thenewnewinternet.com on April 28, 2010.
The security researchers spotted the threat while studying software that was packed with rogue anti-virus software, revealed Don Debolt, Director of Threat Research at CA, as reported by scmagazineus.com on April 28, 2010.
Named Win32/Pecoan.AG, the malware's main purpose is to distribute spam. It builds its list of recipients by scanning the infected computer and harvesting e-mail addresses from files with any of the file extensions listed by the firm.
The security firm has detected three versions of Storm's most recent botnet, and 41 of the top-notch anti-virus products can detect these variants.
The director further said that this is an example of reusing tested code that worked effectively in the past. The lesson for anyone studying the Internet and malware is that attackers reuse methods that have performed really well before and can use them again in the future. It is very important to keep watch for the reissuance and redeployment of legacy malware.
Worryingly, the number of computers that may be infected with this malware is as yet unknown. It is assumed that the malware infects systems via drive-by downloads, in which a website attacks a user's system by seeking software flaws in an attempt to deliver malware.
The malware, which mainly capitalized on the latest current events, exploded in 2007 to control thousands of systems. After infecting the systems, the malware used them to deliver spam. Storm, at its peak, was accountable for 20% of spam or junk e-mail in the world.
At the end of 2008, the malware's grip on botnet dominance cratered, in part because Atrivo (or Intercage), a California-based Internet Service Provider (ISP), was knocked offline. This rogue Internet service hosted the Storm worm's command-and-control (C&C) servers, which issued instructions to the infected computers. In due course, Waledac replaced the infamous Storm worm.
» SPAMfighter News - 10-05-2010