Storm Worm Returns with Follow-Up Attack
In early 2007 Techspot reported on the Storm Worm attack. There was speculation that the initial attack was only a test of the worm's capability, meaning that successive variants would follow. That speculation has proved true, as a follow-up assault occurred this week. Spam-filtering firm Postini rated the attack as the largest virus-carrying spam surge in one year. Techspot published this on April 13, 2007.
Postini based its estimates of the reported increases on 2bn e-mail messages compiled every day.
Postini issued warnings that the Storm Worm is easily installed by clicking on the file attached to the e-mail. The attachment is actually an executable that plants a rootkit, which has anti-security tools that hide the malware from virus scans and even disable security programs running on the system. ZDNet Asia published this on April 16, 2007.
The Storm Worm surge began on April 12, 2007, around 3 a.m. PDT. The initial messages carried subject lines that included the catchword "love", tempting users to click on the attached file. As soon as they did, the virus would be installed on the PC. Within a short time the subject lines changed, tricking users into believing that a technical support group had sent the e-mail to help them avoid a malicious worm. The name and size of the attachment file also changed as the e-mails passed from one person to another.
After installation the Storm Worm acquires full control of the system and adds it to a 'bot army' of zombie computers. These connect to a P2P network to download new updates, upload personal identification data from the captured PC, and harvest e-mail addresses to distribute spam and expand the attacks.
An up-to-date anti-virus program can detect the virus, according to Adam Swidler, senior manager of solutions marketing at Postini. ISPs can also control the spread of the worm by deploying updated virus filters that block it before it reaches inboxes. Most of all, Swidler urges users not to click on the attachment(s). Techshout published this on April 14, 2007.
» SPAMfighter News - 21-04-2007