What is it?
Storm Worm is just one of the many names used for a prevalent
mass-mailing email virus. It began circulating in January, although
earlier variants may have been seen in 2006, as part of the W32/NUWAR
virus family.
How does it work?
Storm Worm arrives in an email as an executable attachment. The message
may have many different subjects, and is most commonly disguised as
breaking news, in an attempt to entice a user to click on the
attachment. Once the executable is running, it attempts to use the
eDonkey P2P network in order to locate a URL from which to download
additional code. This includes a spam Trojan, an email-stealing Trojan;
the mass-mailing part of the virus code and a denial-of-service tool
used to attack other networks.
Should I be worried?
There is nothing particularly special about Storm Worm apart from the
widespread nature of its seeding.
How can I prevent it?
Storm Worm carries no exploit other than social engineering. If your
email policy prevents executable attachments at the gateway, it will
stop most instances of the virus. However, there is always the
possibility of a mobile user becoming infected while checking mail at
home, or someone who might use a webmail service without adequate virus
filtering.