New Storm Worm Outbreak Blasting The Internet
The latest variant is dangerous because it's encrypted to hide from antivirus programs and uses a hard-to-squash peer-to-peer network.
By Sharon Gaudin
Apr 13, 2007 06:05 AM
The virulent Storm worm that blasted its way across the Internet in January has reared its ugly head again.
A variant of the Storm worm hit hard in a widespread spam campaign on Thursday. The Internet Storm Center reported detecting at least 20,000 infections today. Patrick Martin, a senior product manager with the Security Response Team at Symantec, said they received several hundred reports of the malicious e-mail making the rounds.
"This is potentially a huge problem," said Johannes Ullrich, chief research officer at the SANS Institute and chief technology officer for the Internet Storm Center. "It's basically impossible to shut this thing down.... And once a user is infected, it's very hard to get rid of it. They would probably have to reinstall their system."
The outbreak starts with a wide-ranging spam attack that is littering e-mail inboxes around the globe. The e-mail has subject lines like "Worm Alert," "Virus Alert," "Worm Activity Detected!" and "Dream of You." Some of the subject lines even use the word "love" or promise a patch for "new bug." Martin said the spam generator is changing the subject lines on a regular basis to throw off users and antivirus vendors.
Inside the e-mail is an image and an encrypted zip file. The image has the password needed to open the zip file.
Unlike the original Storm malware, which was hidden in an executable file, this one is hidden in the encrypted zip file. Ullrich explained in an interview that this makes it much more difficult for antivirus software to detect the malicious code. If they can't detect it, they can't stop it.
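A scanner that cannot open the archive can still see that it is encrypted, because the ZIP per-entry encryption flag is readable without the password. The sketch below is an added example, not code from the article or from any vendor named in it. It flags mail that carries an encrypted ZIP together with an image attachment, the pairing described above. The function names and the quarantine policy are assumptions, and the sample message is constructed.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED_FLAG = 0x1  # ZIP general-purpose bit 0: entry is encrypted


def zip_has_encrypted_entry(data: bytes) -> bool:
    """True if any entry in the archive's central directory is marked encrypted."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & ENCRYPTED_FLAG for info in zf.infolist())
    except zipfile.BadZipFile:
        return False  # not a parseable ZIP; leave it to other scanners


def should_quarantine(raw_message: bytes) -> bool:
    """Hypothetical gateway rule: encrypted ZIP plus an image in the same mail."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    has_image = has_encrypted_zip = False
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if part.get_content_maintype() == "image":
            has_image = True
        elif payload[:4] == b"PK\x03\x04" and zip_has_encrypted_entry(payload):
            has_encrypted_zip = True  # detected by magic bytes, not file name
    return has_image and has_encrypted_zip


def build_sample(encrypted: bool) -> bytes:
    """Constructed test message: harmless ZIP plus a placeholder image part."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless sample")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Set bit 0 of the flags field in the central directory header (offset 8
        # after the PK\x01\x02 signature); the content is not really encrypted.
        data[data.index(b"PK\x01\x02") + 8] |= ENCRYPTED_FLAG
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attachment")
    msg.add_attachment(b"\x89PNG placeholder", maintype="image", subtype="png", filename="pw.png")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip", filename="patch.zip")
    return msg.as_bytes()
```

Run over inbound mail, a rule like this catches the delivery pattern regardless of which subject line the spam generator is using at the moment.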
If a user opens the file, his machine is infected with the malware and it then connects to a peer-to-peer
http://www.informationweek.com/security/sh...cleID=199000691