'Storm Worm' Continues Quick Spread
By Ed Oswald | Published January 23, 2007, 11:57 AM
The so-called 'Storm Worm' continues to spread, with several waves of attacks reported over the weekend. The virus writers have even included a way to update the Trojan, security firms say, in an effort to evade antivirus software.
Reports of the worm began surfacing on Friday in Europe, as unsuspecting Web users were tricked into downloading an executable file. The e-mail claimed to have breaking news on the stormy weather conditions that have rocked the region over the past week.
Subsequent waves added new subjects, claiming to have information on Cuban dictator Fidel Castro's death and news on possible Chinese missile tests. In each e-mail a different Trojan was used, and all were updatable.
F-Secure says that in the latest wave, sent out Monday, the worm has changed its spots yet again: subject lines now tend to cover love-related topics. The firm recommended that IT administrators filter .exe files in the e-mail gateway immediately to help stop the spread of the worm.
Although an exact number of affected computers has not been provided, F-Secure says as many as several hundred thousand computers could have been affected. The Trojan installs a rootkit, which allows the attackers to use the computer as part of a botnet.
Further frustrating anti-malware researchers is the fact that the botnet created by this worm is more like a P2P network, which would make it harder to take down. Previously, most botnets had a centralized server, which when taken down would disable the rest of the network.
Researchers say for this reason it is hard to gauge the extent of the attack. However, at one point on Friday, 1 in 200 e-mails were infected, security firm Sophos said.
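The gateway filtering F-Secure recommends above can be sketched as follows. This is an added example, not code from the article or from F-Secure; the function names, the extension list beyond .exe, and the sample messages are assumptions constructed for illustration. It goes slightly beyond a plain .exe match by also checking the attachment's first bytes, so a renamed executable is still caught.

```python
import email
import os
from email import policy
from email.message import EmailMessage

# Assumed block list: the article names only .exe; the others are common
# Windows executable extensions added for this example.
BLOCKED_EXTS = {".exe", ".scr", ".pif", ".com"}


def blocked_attachments(raw_bytes):
    """Return [(filename, reason)] for parts a gateway should quarantine."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():  # walk() also reaches nested/forwarded parts
        if part.is_multipart():
            continue
        shown = part.get_filename() or "(unnamed)"
        # Windows drops trailing dots and spaces, so "a.exe." runs as "a.exe".
        name = shown.strip().rstrip(". ").lower()
        # Only the LAST extension decides how Windows opens the file,
        # so "ftw.doc.exe" is judged as ".exe".
        ext = os.path.splitext(name)[1]
        payload = part.get_payload(decode=True) or b""
        if ext in BLOCKED_EXTS:
            hits.append((shown, "blocked extension"))
        elif payload[:2] == b"MZ":  # DOS/PE executable magic bytes
            hits.append((shown, "executable header under other name"))
    return hits


def build_sample(filename, data):
    """Build a constructed test message with one attachment (not real mail)."""
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("see attachment")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    for fname, data in [("video.exe", b"MZ\x90\x00"),
                        ("ftw.doc.exe", b"MZ\x90\x00"),
                        ("notes.txt", b"MZ\x90\x00"),
                        ("notes.txt", b"plain text")]:
        print(fname, blocked_attachments(build_sample(fname, data)))
```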
What operating systems does this affect? lol, just kidding.
Score: 0
|Not Apple O/S
Score: 0
|I've heard rumors that Sony developed this trojan.
Score: 0
|If you download an EXE and run it not knowing where it came from, then you deserve to be hacked. Plain and Simple. It's tough PC love...
Score: 0
|Shame that by default, XP can hide the fact it's an EXE file. Default settings have file extensions hidden, so a file named like "ftw.doc.exe" will simply appear as ftw.doc.
This is still an un-patched security risk. :P
Score: 0
|Eh, considering people shouldn't be opening doc files of dubious origin, your example wasn't exactly the best. The main point being, if you have doubts about a file...don't open it. I'm not sure which I would dislike more, opening a trojan or an innocently named copy of the rather distasteful image everyone has seen on the net (dammit, what the hell was it, I am drawing a blank).
Score: 0
|I am trying to understand why anyone would want to create a virus or virus: Pride? Joy? Success? I just don't get it. I also don't have a clue why anyone would click on an executable file under the pretense that this worm is being spread.
Score: 0
|HMMMMM>. Money!
Score: 0
|I also don't have a clue why anyone would click on an executable file under the pretense that this worm is being spread.
Ah, the heart of many major Windows issues, PIBKAC.
Score: 0
|Worm + rootkit = botnet, botnet + spamlords = money...
Score: 0
|PEBKAC, even. :P
Score: 0
|Nah, raises too many philosophical issues? ;)
Score: 0