Storm malware shapes up as worst 'weather' in years
Symantec: Web hasn't seen an infection like this since 2005's Sober.O
IDG News Service - Malicious software that was sent out in millions of spam messages over the weekend has now infected about 300,000 computers, making it the worst malware outbreak since 2005, Symantec Corp. said Monday.
The so calledStorm Worm e-mail messages first started appearing last Wednesday, advertising attached news reports on topics like "230 Dead as storm batters Europe," or "U.S. Secretary of Sate Condoleeza Rice has kicked German Chancellor."
The attachments have names such as "Full Story.exe" or "Full Video.exe." Once they are launched, these files install malicious software that then waits to receive further instructions over the Internet.
The malware is not actually a worm, however, and infected PCs do not immediately start spreading the software to other computers. Instead, Storm has been spreading more rapidly over the past few days as its creators have pumped out more and more malicious e-mail messages.
"Over the weekend, it really kicked into high gear," said Patrick Martin, senior product manager with Symantec Security Response.
The last time malicious software spread this quickly was in May 2005, when the Sober.O mass-mailing worm affected a similar number of systems, Martin said.
The latest versions of the worm include similarly provocative news headlines and malicious attachments, but the criminals have added a twist over the past few days: the text of the e-mail messages now contains glowing reviews of penny stocks, apparently designed to fuel "pump and dump" stock scams.
Some of the e-mail messages have also been changed to prey on the romantic, security vendor F-Secure Corp. warned. Recent versions of these Trojan e-mails have contained subject lines such as "A Bouquet of Love," "A Day in Bed Coupon," or "A Monkey Rose for You."
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- The 12 PCI DSS 3.0 requirements addressed by Peer 1 Hosting This handy quick reference outlines the 12 PCI DSS 3.0 requirements, who needs to be compliant and how Alert Logic solutions address the...
- Defense Throughout the Vulnerability Life Cycle This whitepaper provides insight into how to leverage threat and log management technologies to protect your IT assets throughout their vulnerability life cycle.
- Mobile Policy Checklist Here's what to consider when putting together a mobile policy designed to support a highly productive workforce.
- Securing BYOD Mobile computing is becoming so ubiquitous that people no longer bat an eye seeing someone working two devices simultaneously. Individuals and organizations are...
- Live Webcast On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Live Webcast Endpoint Backup & Restore: Protect Everyone, Everywhere Arek Sokol from the bleeding-edge IT team at Genentech/Roche explains how he leverages cross-platform enterprise endpoint backup in the public cloud as part...
- Streamline Software Asset Management, Compose a software Management Symphony Keeping track of your organization's software is easy with effective software management solutions from CDW. View the videos in our software solutions channel
- Druva inSync: Endpoint Data Protection & Governance CLICK HERE to watch this video about protecting corporate data on laptops and mobile devices, sponsored by Druva. All Security White Papers | Webcasts