Help
Quote
The authors of the Storm worm (also know as Trojan.Peacomm) have shown an uncanny knack of changing or shedding key components of the threat in order to enhance its persistence and spread...What is most interesting about this latest variant of the Storm worm is that its authors have removed some key functionality that was present in the previous variant, Trojan.Peacomm.C...the threat now relies less on legitimate components on the operating system and has new proprietary components to do its dirty work. The driver associated with the latest variant, noskrnl.sys, works hand in hand with the user mode noskrnl.exe to provide the same stealth-like capabilities that involved more components, both illegitimate and legitimate, in the past.
symantec.com
Back to top
