Storm worm wreaks havoc over weekend

 

Gallery

By Reuters

Posted on 22 Jan 2007 at 11:28

Security company F-Secure report says that the gang which launched a computer virus trading on people's interest in the storms that hit Europe last week has issued more malware over the weekend.

First discovered on Friday, Storm Worm was spammed out over the weekend and hit Europe and the east coast of the US particularly hard.

Since then, a new Trojan along with numerous variants have been spammed out in emails that make outrageous claims based on current news trends, such as missiles shooting down satellites, or that Saddam Hussein has been seen alive.

The latest versions use rootkit techniques that hide the virus deep in the system where they can't be accessed by security software without the technology to run the low-level scans needed to detect them.

Researchers at Sunbelt also noted the veracity of the Storm Worm, describing it as 'quite nasty'.

Softscan said that security companies generally coped quite well with the rapid release of new variants, with one issuing updates within 20 minutes. However, even in that vanishingly small window, the company tracked 2,600 mails loaded with the new variant.

'I think it's very easy to become complacent about viruses and worms because there hasn't been many large outbreaks just recently and normally many of the anti-virus vendors are able to create signatures for their databases that generically pick up the current malware and any of the subsequent variants,' said Diego d'Ambra CTO of SoftScan. 'The people behind Storm Worm have now shown us that it's something they are aware of and I think we will start to see more malware like this in the future.'

The rapid infection rate of the worm can be seen through F-Secure's tracking centre.