Saturday, January 20, 2007

A new computer virus "Storm Worm" is spreading the Internet with the help of recent European Storm

A new computer virus, the "Storm Worm" virus has started to spread around the world following the storm that hit many parts of Europe on Thursday. Hackers are using the storm that killed at least 47 people in Europe this week as a "hook for the unsuspecting" to distribute a virus. (According to the Associated Press, the European storm has killed at least 41 people).

A "significant attack" was launched through the "storm worm," the Finnish computer security company F-Secure warned on Friday.

Storm Worm is a Trojan horse with an executable file as an attachment. Cyber-criminals took advantage of social engineering, using the news of the European storm to get people to open the attached malicious file, which promises more news on the weather emergency. The recipient must open the file for it to execute.

Over an eight-hour period Thursday, malicious e-mails were sent across the globe to hundreds of thousands of people, said Mikko Hypponen, chief research officer for F-Secure. "The e-mail was started 15 hours ago, when the storm was peaking in Central Europe," Hypponen said. "This is unusual in that it was very timely."

The Virus was distributed in messages with subject line of "230 dead as storm batters Europe". The payload in this case was the Small.DAM Trojan that was downloaded into all vulnerable machines upon opening of the spam mail's attachment such as "Read More.exe". Once inside the machine, the Trojan creates a backdoor that can be exploited later to steal data or to use the computer to post spam by the malware authors behind the assault.

In addition to the headline "230 dead as storm batters Europe" the spam uses a number of other provocative headlines. Other e-mail subject lines for it include " U.S. Secretary of State Condoleezza..." and "A killer at 11, he's free at 21 and..."

Attachments may be of the following filenames: "Full Clip.exe"; "Full Story.exe"; "Read More.exe" and "Video.exe".

The attack was first picked up by F-Secure Security Labs Kuala Lumpur during the very early hours of Friday (European time) - January 19, 2007. The timing of the assault and its detection in Asia leads researchers to believe that the assault also originated in the region.

This virus has already been sent to hundreds of thousands of e-mails IDs around the world. Updated anti-virus software can protect against this virus. So don't open any such attachments and make sure that your anti-virus software is having the latest update(s).

Related Links: