On MP3.com: Linkin Park
BNET Business Network:
BNET
TechRepublic
ZDNet
TalkBack

By Dawn Kawamoto, News.com
Posted on ZDNet News: Jan 19, 2007 4:15:00 PM

"Storm worm," one of the larger Trojan horse attacks in recent years, is baiting people with timely information about a deadly, real-life storm front, security researchers said Friday.

Over an eight-hour period Thursday, malicious e-mails were sent across the globe to hundreds of thousands of people, said Mikko Hypponen, chief research officer for F-Secure.

People who open the attachment then unknowingly become part of a botnet. A botnet serves as an army of commandeered computers, which are later used by attackers without their owners' knowledge.

Storm worm carries the subject line "230 dead as storm batters Europe," Hypponen said, noting the unusual twist to the e-mail.

"The e-mail was started 15 hours ago, when the storm was peaking in Central Europe," Hypponen said. "This is unusual in that it was very timely."

Storm worm is a Trojan horse with an executable file as an attachment. Cybercriminals took advantage of social engineering, using the news of the European storm to get people to open the attached malicious file, which promises more news on the weather emergency. The recipient must open the file for it to execute.

The file creates a back door to a computer that can be exploited later to steal data or to use the computer to post spam.

Storm worm is already close to being as large as the bigger attacks of 2006, Hypponen said, though it's still smaller than Sasser and Slammer.

Hypponen also noted that this Trojan horse is unusual because most attacks these days tend to be smaller and targeted, as criminals seek to pilfer personal information for financial gain, rather than fame.

Though Storm worm is widespread, the damage may ultimately be minimal in the U.S. because most tech security companies will have already added it to their blocking list before people get into work, he added.

Other e-mail subject lines for it include "U.S. Secretary of State Condoleezza..." and "A killer at 11, he's free at 21 and..."

According to the Associated Press, the European storm has killed at least 41 people.

  • Talkback
  • Most Recent of 98 Talkback(s)
SPAM knows no language barriers
"I am not affected by the horror of trying to sort out what is spam or not, because all my personal correspondence is in Swedish while all spam exclusively is in English."

Interesting. I have r... (Read the rest)
Posted by: cdgoldin Posted on: 02/28/07 You are currently: Logged In | Log out
'Storm Worm' hits computers around the world Loverock Davidson   | 01/19/07
"This is pretty much another non-issue worm." Beyond the Vista, a Snow Leopard is stalking .   | 01/19/07
Same here... Graham Fluet   | 01/19/07
But YOU are ignorant. harrisharris   | 01/19/07
and... harrisharris   | 01/19/07
but... harrisharris   | 01/19/07
Let the Holy Wars begin ... Andrew P.   | 01/20/07
Considering... jasonp@...   | 01/22/07
And 15% of the Graham Fluets in the world John Zern   | 01/21/07
Congratulations are in order! xuniL_z   | 01/21/07
He keeps getting it wrong. It's actually John Zern   | 01/21/07
No need xuniL_z   | 01/21/07
Non-issue, Jack-Booted EULA   | 01/19/07
first, windows is spaded but why is the code implemented without admin PW? ralphrides   | 01/22/07
Headline is wrong frgough   | 01/19/07
Of course they are Windows machines... Confused by religion   | 01/19/07
It's so nice to 999ad@...   | 01/19/07
Yeah... Cardinal_Bill   | 01/19/07
Gee, thanks for enlightening me about Google Confused by religion   | 01/19/07
Who said anything about desktops...moron?? mdsmedia   | 01/19/07
It's also nice rigdokta   | 01/19/07
I'm one of 3, too...and my other PC mdsmedia   | 01/19/07
5 Mac and 3 Linus boxes ator1940   | 01/19/07
Cheezy yees oh weezy MLHACK   | 01/19/07
RE: Cheezy yees oh weezy jbaviera@...   | 01/19/07
And it's pronounced Chowda ("ch" as in "loch") not Guda cdgoldin   | 02/28/07
Oh MLHACK   | 01/19/07
Try executing the WORM on them :) mdsmedia   | 01/19/07
exactly. MLHACK   | 01/19/07
Milly Shelendrea   | 01/19/07
um Jack-Booted EULA   | 01/19/07
You've got 5 macs and 3 Linux machines, Milly?? mdsmedia   | 01/19/07
Exactly right Chad_z   | 01/19/07
fiddle while rome burns... alpha_server   | 01/19/07
(all) Graham Fluet   | 01/19/07
YES! Krazyken39   | 01/19/07
how nimble really? rx7racer   | 01/22/07
Maybe they just grabbed a headline from the news of the day ajole   | 01/22/07
Want non-Windows attacks? Try Java astro_z   | 01/19/07
yea it Krazyken39   | 01/19/07
Interesting... mdsmedia   | 01/19/07
Won't be long now... Linux User 147560   | 01/19/07
Hey, tell us how you really feel BXLE   | 01/19/07
What, Linux User 147560   | 01/19/07
Transparent as glass my friend Shelendrea   | 01/19/07
It's plain it must've been... Cardinal_Bill   | 01/19/07
Message has been deleted. Linux User 147560   | 01/19/07
It's censor, but that's beside the point. fuzzy2k   | 01/19/07
I have over Linux User 147560   | 01/19/07
did you ever consider xuniL_z   | 01/22/07
Using a Apple OSX or even old OS9 is still fun ralphrides   | 01/22/07
hey there xuniL_z   | 01/21/07
BCC Linux User 147560   | 01/21/07
P.S. fuzzy2k   | 01/19/07
In my house, I have (for desktops, not servers) Confused by religion   | 01/19/07
Heh Linux User 147560   | 01/19/07
BTW - it is funny... handydan918   | 01/19/07
THE DEVASTATION CAUSED BY COMPUTER VIRUS BALTHOR   | 01/19/07
There's a source. trm1945   | 01/19/07
And you'll be the first to complain... mdsmedia   | 01/19/07
Viruses are lucrative whisperycat   | 01/19/07
Too bad you fall into the opposite stereotype Confused by religion   | 01/19/07
You bait very well, are you a Master? handydan918   | 01/19/07
You don't carry the point through though 1stcyberian   | 01/22/07
I don't disagree... handydan918   | 02/02/07
Milly shoots the messenger while ignoring the message whisperycat   | 01/19/07
Cats and Dogs harrisharris   | 01/19/07
So you're saying via this... Cardinal_Bill   | 01/19/07
Please, don't you realize xuniL_z   | 01/21/07
A meaningless, ad-hominem attack whisperycat   | 01/22/07
yep xuniL_z   | 01/22/07
You so totally miss the point. 1stcyberian   | 01/22/07
Stom the insanity, drop Vista, get that Apple now! ralphrides   | 01/22/07
All you can do is TokyoPete   | 01/19/07
Perfect Candidate triso   | 01/20/07
Why use a spotty GUI when Apple has a solution? ralphrides   | 01/22/07
Same Boat Ole Man   | 01/22/07
5 Macs Stuart Austwick   | 01/19/07
again MAC this is a pity Krazyken39   | 01/19/07
Yeah email is equal...the attachments aren't. mdsmedia   | 01/20/07
Limited Choices mcgilbdd@...   | 01/19/07
Worms and MS vs security 30bob1   | 01/19/07
Several methods of positive help mdsmedia   | 01/20/07
About several methods sweklaweklfwe@...   | 01/20/07
Happy to have English as my 2nd language tsarkon   | 01/21/07
SPAM knows no language barriers cdgoldin   | 02/28/07
Security and cost issues ralphrides   | 01/22/07
Who still uses email programs that don't block EXEs?! (NT) PB_z   | 01/19/07
The Microsoft Way frgough   | 01/20/07
Antivirus scanning is always behind the eightball... Boomslang   | 01/20/07
Yawn, my machine is immune NonZealot   | 01/20/07
Don't US ISP's scan for spam and viruses before they enter your mailbox mrjonno   | 01/22/07
Mac OS X Security Update 2006-007 Fixes Multiple Vulnerabilities CorpWinUser   | 01/22/07
Vulerabilty is not an incident you f---, fool ha ha! ralphrides   | 01/22/07
Storm Worm Came at just the right time tracy anne   | 01/23/07
Norton Antivirus for Macintosh trm1945   | 01/23/07
Storm Worm? rrl1@...   | 01/23/07
Very insightful. handydan918   | 02/02/07

What do you think?

advertisement