Q

Is the Storm worm virus still a serious threat?

Today, attackers continue to have success with the Storm worm and its many variations, using the malware to strengthen their nasty botnets. In this SearchSecurity.com Q&A, expert Ed Skoudis explains why these rather run-of-the-mill attacks are still a problem today.

It seems that variants of the Storm worm are still a significant threat. Do you agree, and what should be done by the industry and individual organizations to stop variants of the Storm worm?
Storm is one of those lingering worms that frequently gets tweaked and gains new functionalities. Originally unleashed in January 2007, this worm spreads primarily as an executable email attachment. This malware has infected over one hundred thousand machines. It gets its name from the title of the original email, "230 dead as storm batters Europe," which referred to a vicious winter storm that hit Europe in January as the worm was launched. The email exhorts users to click on the attachment to learn more about the big storm. When run, the attachment installs a bot on the victim's computer, which gives the attacker remote control over that machine -- a pretty straightforward attack that is certainly very common today. After all this time, too many users run executable email attachments.

Even when the original Storm worm was quickly added to antivirus filters, the attacker began to change it. Major new variations were released in February and April 2007, with subtle tweaks still going on today, such as putting the .exe attachment inside a password-protected ZIP file (with the password included in the body of the email). Despite these run-of-the-mill tactics, attackers are still using them to successfully build even bigger botnets.

How can we deal with this? I believe that we need major educational awareness campaigns, not just for corporations and government agencies, but for the public, telling folks to keep their systems patched and to not run .exe email attachments. Corporate security awareness initiatives often get pooh-poohed as ineffective, but what is really needed is a national effort to educate the public, possibly like the McGruff campaign from the National Crime Prevention Council. During a time when crime usually involved physical theft, the campaign emphasized the importance of locking doors and reporting suspicious activity. Today, a good deal of crime is computer-based, and we as an industry need to educate the public accordingly.

More information:

  • See how a variation of the Storm Trojan used blogs to spread rootkits.
  • Learn about January's Storm worm attack.
This was first published in July 2007.
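
The tactic described in the answer, an .exe inside a password-protected ZIP with the password in the message body, can still be flagged at a mail gateway, because traditional ZIP encryption leaves member file names readable in the archive's central directory. The sketch below is an added example, not part of the original Q&A; the extension list, the password pattern and the function names are assumptions, and the sample message is constructed with inert bytes.

```python
import io
import re
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".pif", ".com")  # assumed blocklist; tune per policy
PASSWORD_HINT = re.compile(r"\bpass(word|code)?\b", re.IGNORECASE)  # assumed heuristic


def inspect_message(raw: bytes) -> list[str]:
    """Return findings for executable attachments, including ones inside encrypted ZIPs."""
    msg = message_from_bytes(raw)
    body = "".join(
        p.get_payload(decode=True).decode("utf-8", "replace")
        for p in msg.walk() if p.get_content_type() == "text/plain" and not p.get_filename()
    )
    findings = []
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True)  # None for multipart containers
        if name.endswith(RISKY_EXT):
            findings.append(f"executable attachment: {name}")
        # Identify archives by content, not by attachment name.
        if data is None or not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        # Listing members needs no password: only file contents are encrypted.
        infos = zipfile.ZipFile(io.BytesIO(data)).infolist()
        for info in infos:
            if info.filename.lower().endswith(RISKY_EXT):
                prefix = "encrypted " if info.flag_bits & 0x1 else ""
                findings.append(f"{prefix}executable in ZIP: {info.filename}")
        if any(i.flag_bits & 0x1 for i in infos) and PASSWORD_HINT.search(body):
            findings.append("encrypted ZIP with password mentioned in body")
    return findings


def build_sample() -> bytes:
    """Constructed message: inert bytes in a ZIP whose 'encrypted' flag is set by hand."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("video.exe", b"not a real program")
    z = bytearray(buf.getvalue())
    z[6] |= 1                          # general-purpose flag bit 0, local file header
    z[z.find(b"PK\x01\x02") + 8] |= 1  # same bit in the central directory record
    msg = EmailMessage()
    msg.set_content("Open the attached archive. Password: 12345")
    msg.add_attachment(bytes(z), maintype="application", subtype="zip", filename="report.zip")
    return msg.as_bytes()
```

A gateway would typically quarantine on the first finding; the password-in-body finding is a heuristic and will also match legitimate mail that shares archive passwords inline.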
