Several companies, including Postini, iDefense Labs, and the SANS Institute, are tracking a new outbreak of a variant of the Storm worm that's producing heavier than normal detection rates around the Internet.
iDefense said the new variant "includes anti-security measures to hinder analysis," which essentially means that it tries to disable security-related tools such as antivirus software. The SANS Internet Storm Center incident handlers reported, "We are being told that it is a 'Nuwar/Zhelatin' virus with Virtual Machine detection capabilities."
A spokesperson for email security solution provider Postini said the latest outbreak installs a rootkit that among other things "\[tries to\] disable existing anti-virus applications. Then it will connect to a peer-to-peer network where it can upload data including personal information from the infected computer as well as download additional malware. The infected computer then becomes a bot-net zombie that can be used to send spam and issue other attacks. At the same time that it is connecting to the P2P network, the virus will search the computer's hard drive for email addresses and begin replicating itself by sending emails to the addresses that it finds."
The Postini spokesperson went on to say that based on current trends, "\[it's\] set to be the largest attack on email in more than a year. Initial reports from Postini's global data centers indicate that today's attacks have driven virus levels 60 times higher than average daily levels on the Internet."
