Storm Worm Loves You

As is typically the case, attackers are using the seasonal day to launch a social engineering ploy. Email messages are sent with an embedded URL that leads to a site which in turn tries to download an executable file onto the user's system. The executable is of course the worm installer, which turns an affected system in a remote controlled bot.

The same social engineering tactics were used at this time last year, so it's nothing new. No one knows for sure just how widespread Storm worm botnets have become. The reason for that is mainly twofold: The worm can obsfucate its code, which is a big factor in making it difficult to detect; and many people do not have proper security tools and practices in place to prevent or remove infection.

Compounding the overall problem is that, according to SANS Internet Storm Center team member Bojan Zdrnja, "only 4 antivirus programs out of 32 on VirusTotal properly detected \[the current variation of the worm, and there is \] virtually no \[detection in\] the most popular anti-virus programs."

Hide comments


  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.