Analysis: Threat of the month – Storm Worm | SC Media

Analysis: Threat of the month – Storm Worm

March 26, 2007

What is it?

Storm Worm is just one of the many names used for a prevalentmass-mailing email virus. It began circulating in January, althoughearlier variants may have been seen in 2006, as part of the W32/NUWARvirus family.

How does it work?

Storm Worm arrives in an email as an executable attachment. The messagemay have many different subjects, and is most commonly disguised asbreaking news, in an attempt to entice a user to click on theattachment. Once the executable is running, it attempts to use theeDonkey P2P network in order to locate a URL from which to downloadadditional code. This includes a spam Trojan, an email-stealing Trojan;the mass-mailing part of the virus code and a denial-of-service toolused to attack other networks.

Should I be worried?

There is nothing particularly special about Storm Worm apart from thewidespread nature of its seeding.

How can I prevent it?

Storm Worm carries no exploit other than social engineering. If youremail policy prevents executable attachments at the gateway, it willstop most instances of the virus. However, there is always thepossibility of a mobile user becoming infected while checking mail athome, or someone who might use a webmail service without adequate virusfiltering.

prestitial ad