Storm malware shapes up as worst "weather" in years

ComputerWorld Article

January 22, 2007 (IDG News Service) -- Malicious software that was sent out in millions of spam messages over the weekend has now infected about 300,000 computers, making it the worst malware outbreak since 2005, Symantec Corp. said Monday.

The so called "Storm Worm " e-mail messages first started appearing last Wednesday, advertising attached news reports on topics like "230 Dead as storm batters Europe," or "U.S. Secretary of Sate Condoleeza Rice has kicked German Chancellor."

The attachments have names such as "Full Story.exe" or "Full Video.exe." Once they are launched, these files install malicious software that then waits to receive further instructions over the Internet.

The malware is not actually a worm, however, and infected PCs do not immediately start spreading the software to other computers. Instead, Storm has been spreading more rapidly over the past few days as its creators have pumped out more and more malicious e-mail messages.

"Over the weekend it really kicked into high gear," said Patrick Martin, senior product manager with Symantec Security Response.

The last time malicious software spread this quickly was in May 2005, when the Sober.O mass-mailing worm affected a similar number of systems, Martin said.

The latest versions of the worm include similarly provocative news headlines and malicious attachments, but the criminals have added a twist over the past few days: the text of the e-mail messages now contains glowing reviews of penny stocks, apparently designed to fuel "pump and dump" stock scams.

Some of the e-mail messages have also been changed to prey on the romantic, security vendor F-Secure Corp. warned. Recent versions of these Trojan e-mails have contained subject lines such as "A Bouquet of Love," "A Day in Bed Coupon," or "A Monkey Rose for You."