What is it?

Storm Worm is just one of the many names used for a prevalent mass-mailing email virus. It began circulating in January, although earlier variants may have been seen in 2006, as part of the W32/NUWAR virus family.

How does it work?

Storm Worm arrives in an email as an executable attachment. The message may have many different subjects, and is most commonly disguised as breaking news, in an attempt to entice a user to click on the attachment. Once the executable is running, it attempts to use the eDonkey P2P network in order to locate a URL from which to download additional code. This includes a spam Trojan, an email-stealing Trojan; the mass-mailing part of the virus code and a denial-of-service tool used to attack other networks.

Should I be worried?

There is nothing particularly special about Storm Worm apart from the widespread nature of its seeding.

How can I prevent it?

Storm Worm carries no exploit other than social engineering. If your email policy prevents executable attachments at the gateway, it will stop most instances of the virus. However, there is always the possibility of a mobile user becoming infected while checking mail at home, or someone who might use a webmail service without adequate virus filtering.