NOW READ THIS
("Security Advisory")
Submitted by: Bill Hickey
NCVA List Master
NRT-0127 Massive Outbreak of Storm Worm Variant:
A huge surge of a new Storm Worm variant is flooding email inboxes and evading many antivirus programs. Email security company Postini said that over the last 24 hours it has seen about 55 million virus emails, about 60 times the daily average. Cloudmark, another email security company, said it saw similar outbreak numbers. Today's flood is said to be ten times as large as one that occurred on 08APR, which also involved the Storm Worm. The latest batch of malicious emails has subjects like "Worm Alert!" or "Virus Alert!" One such email included a text message embedded in an image - which makes it easier to evade antispam tools - with a password-protected archive named "patch-7594.zip" whose password is contained in the image's text. The author tested the email against 31 antivirus programs, and only four detected the virus. According to Postini, double-clicking the attachment causes the following: First, a rootkit will attempt to hide the malware. Then the worm will attempt to disable antivirus programs. Next, the worm connects to a custom peer-to-peer network used by the worm's creators to issue commands, such as to download additional malware, send spam or transmit personal data stolen from the victim computer. Finally, the worm searches for email addresses on the victim machine and sends itself to any discovered addresses. The worm is self-mutating, according to Postini, changing email subject lines, attachment file names, and malware characteristics in order to evade antivirus and antispam programs.
(pcworld.co.nz 13APR07)
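An added example, not part of the advisory or of Postini's analysis: a mail-gateway check for the delivery pattern described above, an image part sent alongside a password-protected ZIP that content scanners cannot open. The function names, the quarantine rule and the sample message are assumptions constructed for illustration; only the subject line and attachment name come from the advisory.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

def encrypted_members(zip_bytes):
    """Names of archive members whose ZIP 'encrypted' flag (bit 0) is set."""
    try:
        with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
            return [i.filename for i in zf.infolist() if i.flag_bits & 0x1]
    except zipfile.BadZipFile:
        return []

def inspect_message(raw):
    """Flag mail that pairs an image part with a password-protected ZIP."""
    msg = message_from_bytes(raw, policy=policy.default)
    has_image, locked = False, {}
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if part.get_content_maintype() == "image":
            has_image = True
        elif data[:4] == b"PK\x03\x04":  # sniff ZIP by magic bytes, not by name
            names = encrypted_members(data)
            if names:
                locked[part.get_filename() or "(unnamed)"] = names
    # Assumed policy: the scanner cannot see inside, so hold the message.
    return {"has_image": has_image, "locked_archives": locked,
            "quarantine": has_image and bool(locked)}

def build_sample(encrypted=True):
    """Constructed test message; the archive holds harmless text only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless placeholder")
    z = bytearray(buf.getvalue())
    if encrypted:
        # Set bit 0 of the general-purpose flags in the central directory
        # record (offset 8) so the entry is marked as password-protected.
        z[z.find(b"PK\x01\x02") + 8] |= 0x1
    m = EmailMessage()
    m["Subject"] = "Virus Alert!"
    m.set_content("see attached")
    m.add_attachment(b"GIF89a" + b"\x00" * 16, maintype="image",
                     subtype="gif", filename="notice.gif")  # constructed stub
    m.add_attachment(bytes(z), maintype="application", subtype="zip",
                     filename="patch-7594.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

Because the worm changes subject lines and attachment names between runs, the check keys on the archive's encryption flag and the accompanying image rather than on either string.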
Last Modified: Friday, 20-Apr-2007 07:36:52 EDT