Printed from http://www.electronista.com

Massive 'Storm' of trojan e-mail hits

updated 02:45 pm EDT, Fri April 13, 2007

Storm Trojan E-mail Hits

Windows users are being hit by a surge of virus-infected spam e-mail, according to Internet security experts. A variant of a bug nicknamed the "Storm worm" has been appearing in several different versions on a wide scale since Thursday and only threatens to get larger in the near term -- over 5 million messages had been caught as of Thursday alone, the security firm Postini reported. The situation was extreme enough that the firm could see as many as 60 million messages today, making it the largest attack in a year and the single largest contributor to junk e-mail this week.

"We're seeing 50 to 60 times the normal volume of spam," said company senior manager Adam Swidler.

The disturbing success of the worm is in large part due to the combination of the way it tricks users and then infects their machines, the experts noted: while the e-mail can only infect a Windows system by the user running a password-protected ZIP file, the message scares readers into believing the PC has been infected and that the attached worm is the cure. "They're telling people that their e-mail access is about to be cut off, and that they have to install this patch to continue using [e-mail]," Swidler explained.

The hack then expands aggressively, installing a rootkit for remotely hijacking the PC; the code also automatically scans for e-mail addresses on the user's system to forward the e-mail, guaranteeing that the worm spreads to many more computers than the infected host. It can also randomize itself and auto-update through a unique peer-to-peer system to help avoid anti-virus tools.

Security analysts have so far suggested that user education on unexpected attachments is the best defense, but note that Symantec and other companies will have updatead means of finding the Storm worm today.



By Electronista Staff
Post tools:

TAGS :

toggle

Comments

  1. Salty Pirate

    Fresh-Faced Recruit

    Joined: Apr 2007

    0

    Storm worm

    there is a way to defend your network against this. Afferent Security Labs has a product called Autoshun that identifies hostile IP addresses and blocks them at the firewall.

    My company has this and we have seen attacks fall off to near zero coming from the outside. The problem we saw with storm was it mutates and traditional signature based tools could not detect it.

  1. JimmyJackFunk21

    Fresh-Faced Recruit

    Joined: Feb 2007

    0

    Security

    With this current "storm" hitting, you need to make sure that you have your security in order. Without a suite from a good and trusted company, like say Anonymizer.com, you've got a good chance of being infected. I recommend doing some research along those lines.

Login Here

Not a member of the MacNN forums? Register now for free.

toggle

Network Headlines

toggle

Most Popular

Sponsor

Recent Reviews

Dell AD211 Bluetooth speaker

For all of the high-priced, over-engineered Bluetooth speakers in the electronics market, there is still room for mass-market solution ...

VisionTek 128GB USB Pocket SSD

USB flash drives dealt the death blow to both the floppy and Zip drives. While still faster than either of the old removable media, sp ...

Kodak PixPro SL10 Smart Lens Camera

Smartphone imagery still widely varies. Large Megapixel counts don't make for a good image, and the optics in some devices are lacking ...

Sponsor

toggle

Most Commented

 
toggle

Popular News