April 13, 2007 5:34 AM PDT

Storm worm variant ignites e-mail virus deluge

Thursday likely marked the largest proliferation of e-mail virus attacks in more than a year, according to security company Postini.

Postini said that two variations of the Storm worm virus, which originally spread across the Internet in January, have quickly driven global virus levels 60 times higher than their daily average. E-mail users should be on alert for messages with "love"-related subject lines and an executable attachment that would contain a Trojan virus, as well as messages with "Worm Alert!" subject lines that contained a .zip file full of malicious code.

Postini, which is based in San Carlos, Calif., says it processes more than 2 billion messages per day in order to compile its reports.

According to warning notices from Postini as well as VeriSign, which also has been following the threat, clicking on the executable file in one of the new Storm worm e-mails installs a rootkit with anti-security measures that mask the malicious software's presence from virus scans and shut down security programs that may be running. The virus then taps into a private peer-to-peer network where it can download new updates and upload personal information from the compromised computer. Additionally, the virus scans the machine's hard drive to locate e-mail addresses to which it can replicate itself.

Ultimately, computers infected with this virus become unknowing "zombies" in a botnet that are used to send out spam and further the attacks. "It is highly likely that this latest attack will result in many more downloads, pump-and-dump attacks, and more as seen with former Storm worm attacks to date," Ken Dunham, director of VeriSign's Rapid Response Team, said in a statement Thursday.

The recent Storm worm proliferation, coupled with a similar attack earlier this week that involved e-mails with "missile attacks" in the subject line, have made this the most active week for e-mail virus attacks in at least a year, according to Postini.

See more CNET content tagged:
Postini Corp., e-mail virus, subject line, VeriSign Inc., security company

13 comments

Join the conversation!
Add your comment
Stupid Yahoo Mail Did Not Catch These
Stupid Yahoo Mail's non-existent spam filter did not catch numerous fake emails that purported to be security patches. These emails contained Zipped executeables.
Posted by Stating (869 comments )
Reply Link Flag
Do not receive updates through Yahoo
You do not receive updates through Yahoo mail. This should be a dead giveaway that the email is suspect.

For Windows updates, go to windowsupdate.microsoft.com -

For software updates go to the software manufacturers' or developers' website and get the update directly from them.

One of the oldest rules in computerdom is DO NOT open attachments from emails that you do not recognize.
Posted by johnm371 (6 comments )
Link Flag
Do not receive updates through Yahoo
You do not receive updates through Yahoo mail. This should be a dead giveaway that the email is suspect.

For Windows updates, go to windowsupdate.microsoft.com -

For software updates go to the software manufacturers' or developers' website and get the update directly from them.

One of the oldest rules in computerdom is DO NOT open attachments from emails that you do not recognize.
Posted by johnm371 (6 comments )
Link Flag
More than 200
Yes, More than 200 received yesterday. Stop those
worms from taking over your brain.
<a class="jive-link-external" href="http://brain.com" target="_newWindow">http://brain.com</a>
Posted by azareus (31 comments )
Reply Link Flag
It's always perspective...
A great comment about this from another article:

Ullrich added that it's frustrating that this type of attack, which depends on users opening an attachment from an unknown sender, still works ... and works so well. "It's user stupidity, and that's the thing there is no patch for."

(<a class="jive-link-external" href="http://www.informationweek.com/security/showArticle.jhtml;jsessionid=1BUBANDDYOU5UQSNDLPSKHSCJUNN2JVN?articleID=199000691" target="_newWindow">http://www.informationweek.com/security/showArticle.jhtml;jsessionid=1BUBANDDYOU5UQSNDLPSKHSCJUNN2JVN?articleID=199000691</a>)
Posted by Kings X Rocks! (89 comments )
Reply Link Flag
Hey, if they bought a virus platform, why
would you expect them to be smart enough not to open
attachments?

User stupidity starts at the computer store.
Posted by Macsaresafer (802 comments )
Link Flag
Who actually opens these files?
Even if the email gets through your filter you still need to open the zipped file for it to do anything. How do people not know by now that they shouldn't open random files that show up in their inbox?
Posted by umcrouc0 (53 comments )
Reply Link Flag
Most computer users uneducated
If you are reading C|Net news, you are most likely more
computer illiterate than 95% of the users out there. Considering
the proliferation of viruses, there are obviously a lot of people
that don't have a clue. In fact, I best most of them have no idea
that they are infected.

It's not like the old days where if you had a computer you were
most likely computer literate. These days computer users
include moms, dads, grandparents, aunts &#38; uncles, kids, etc.
They are ignorant of threats to their computers. They open
them, get infected, and innocently pass them on to family and
friends. It's no different than the people that get ripped off by
the con artist outside the bank or store.
Posted by i,Jimbot (65 comments )
Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.