Free Republic
Browse · Search
News/Activism
Topics · Post Article


Storm Worm variant ignites e-mail virus deluge
ZDNet ^ | April 13, 2007 | Caroline McCarthy

Posted on 04/13/2007 10:31:55 AM PDT by holymoly

Thursday likely marked the largest proliferation of e-mail virus attacks in more than a year, according to security company Postini.

Postini said that two variations of the Storm Worm virus, which originally spread across the Internet in January, have quickly driven global virus levels 60 times higher than their daily average. E-mail users should be on alert for messages with "love"-related subject lines and an executable attachment that would contain a Trojan virus, as well as messages with "Worm Alert!" subject lines that contained a .zip file full of malicious code.

Postini, which is based in San Carlos, Calif., says it processes more than 2 billion messages per day in order to compile its reports.

According to warning notices from Postini as well as VeriSign, which also has been following the threat, clicking on the executable file in one of the new Storm Worm e-mails installs a rootkit with anti-security measures that mask the malicious software's presence from virus scans and shut down security programs that may be running. The virus then taps into a private peer-to-peer network where it can download new updates and upload personal information from the compromised computer. Additionally, the virus scans the machine's hard drive to locate e-mail addresses to which it can replicate itself.

Ultimately, computers infected with this virus become unknowing "zombies" in a botnet that are used to send out spam and further the attacks. "It is highly likely that this latest attack will result in many more downloads, pump-and-dump attacks, and more as seen with former Storm Worm attacks to date," Ken Dunham, director of VeriSign's Rapid Response Team, said in a statement Thursday.

The recent Storm Worm proliferation, coupled with a similar attack earlier this week that involved e-mails with "missile attacks" in the subject line, has made this the most active week for e-mail virus attacks in at least a year, according to Postini.


TOPICS: News/Current Events; Technical
KEYWORDS: botnet; email; microsoft; stormworm; trojan; virus; windows; worm; zombies
E-mail users should be on alert for messages with...an executable attachment that would contain a Trojan virus

This is easily avoided. Do not open attachments received in unsolicited emails.

For those who desire security software that doesn't take a bite out of their wallet:

PC security-related links.   All software listed is freeware or open source.

Last Update: 12/24/2006

Anti-Virus:

AntiVir® Personal Edition
Windows 98/98SE/ME, 2000/XP.

Avast Home Edition
Windows 95/98/98SE/ME, 2000/XP.

AVG Anti-Virus
Windows 98/98SE/ME, 2000/XP.

BitDefender Free Edition
Windows 98/98SE/ME, 2000/XP.
On-demand anti-virus program.

ClamWin
Windows 98/98SE/ME, 2000/XP.
On-demand virus scanner. Detects, doesn't clean.

Dr. Web CureIT!
Windows 95/98/98SE/ME, 2000/XP.
On-demand, anti-malware (anti-virus/spyware). Detects and cleans. No installation required.

McAfee Stinger
On-demand anti-virus/trojan. No installation required. Fits on a 3.5" floppy.

Alternatives to MSIE, Outlook & Outlook Express:

Mozilla.org
Firefox browser, Thunderbird E-mail client, Mozilla Suite (1.7.13 is the final release).

Opera
Supports tabbed browsing, etc. Easier on resources than Firefox, Mozilla/Seamonkey. Unlike Mozilla, Opera currently has no plans to drop support for Windows 9x/ME.

Off By One
The world's smallest and fastest web browser. No installation required.

Popcorn E-Mail
Small, no-frills e-mail client.

Seamonkey
The successor to the Mozilla Suite.  Web-browser, e-mail/usenet client, IRC client, HTML editing, all in one application.

Xnews
Usenet client.

Anti-Adware/Spyware:

Ad-Aware SE
Windows 98/98SE/ME, 2000/XP.
On-demand scanner (Select "Ad-Aware Personal").

SpywareBlaster
Windows 95/98/98SE/ME, 2000/XP.
Prevent the installation of spyware and other potentially unwanted software!

SpywareGuard
Windows 98/98SE/ME, 2000/XP.
Full/real-time protection against spyware/malware.

Spybot - Search and Destroy
Windows 98/98SE/ME, 2000/XP.
Offers on-demand scanning and full/real-time protection.

Spyware Terminator
Windows 98/ME, 2000/XP.
Real-time protection. Remove spyware, adware, trojans, keyloggers, home page hijackers and other malware threats.

Firewall:

Kerio Personal Firewall 2.1.5
Windows 98/98SE/ME, 2000/XP.
(Last freeware version)

Tiny Personal Firewall 2.0.15A
Windows 95/98/98SE/ME, 2000/XP.

Tiny Personal Firewall 2.0.9
Windows 98/98SE/ME, 2000/XP.
(Last freeware version)

ZoneAlarm Free Download
Note: ZoneAlarm is dropping support for Win9x/ME.

Zonealarm at Oldversion.com
For those who need a version compatible with Windows 9x/ME.

Technical Help:

CastleCops Security Forums

Cyber Tech Help Support Forum

SpywareWarrior.com Forum

VirtualDr Forums

How To Ask Questions The Smart Way
This guide will teach you how to ask questions in a way that is likely to get you a satisfactory answer.

How-to and Tutorial:

PCWorld: How to Install a Firewall

Using Ad-Aware SE

Using Spybot - Search and Destroy

Useful sites, etc.:

Firewall Test, Security Test and Security Scan

Leak Test
Test your firewall against internal extrusions (leaks).

Shields Up
Firewall Test.

Spyware/Adware/Malware FAQ and Removal Guide

SpywareWarrior.com
Waging the war against spyware!

U.S. Computer Emergency Readiness Team

Miscellaneous:

MVPS HOSTS File
Don't surf the Net without it!

Ping Plotter
Internet diagnostic tool.

Proxomitron
Windows 95/98/98SE/ME, 2000/XP.
A free, highly flexible, user-configurable, small, but very powerful, local HTTP web-filtering proxy.

WinPatrol
A robust SECURITY MONITOR.  WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission.

Zeroday Emergency Response Team (ZERT)

"The nonprofit Zeroday Emergency Response Team is offering VML security patches for out-of-support Windows OS versions.

The volunteer group, which is made up of well-respected security professionals, has released updates for Windows 98, Windows 98 SE, Windows ME, Windows 2000 and Windows 2000 SP3."

(eWeek)

1 posted on 04/13/2007 10:32:00 AM PDT by holymoly
[ Post Reply | Private Reply | View Replies]

To: holymoly

bump


2 posted on 04/13/2007 10:38:44 AM PDT by lafroste (gravity is not a force. See my profile to read my novel absolutely free (I know, beyond shameless))
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly

.


3 posted on 04/13/2007 10:42:14 AM PDT by ScreamingFist (Annihilation - The result of underestimating your enemies. NRA)
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly

Thanks for the heads-up, holymoly. BTTT


4 posted on 04/13/2007 10:42:36 AM PDT by Chena (I want a President who will also be tough against liberalism. (Kevin McCullough))
[ Post Reply | Private Reply | To 1 | View Replies]

To: Swordmaker; HAL9000; martin_fierro

:’)


5 posted on 04/13/2007 10:43:51 AM PDT by SunkenCiv (I last updated my profile on Monday, April 2, 2007. https://secure.freerepublic.com/donate/)
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly; SunkenCiv

Hey, good stuff!


6 posted on 04/13/2007 10:46:38 AM PDT by martin_fierro (< |:)~)
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly

I guess we have to watch out for Global Worming now.


7 posted on 04/13/2007 10:55:17 AM PDT by techcor
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly

Is this Global Worming?


8 posted on 04/13/2007 10:55:51 AM PDT by bigbob (2)
[ Post Reply | Private Reply | To 1 | View Replies]

To: techcor

dang, you got me by 34 seconds!


9 posted on 04/13/2007 10:57:23 AM PDT by bigbob (2)
[ Post Reply | Private Reply | To 7 | View Replies]

To: holymoly

bump


10 posted on 04/13/2007 11:04:37 AM PDT by knews_hound (Sarcastically blogging since 2004.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly
FWIW:

The 46 Best-ever Freeware Utilities

11 posted on 04/13/2007 11:07:12 AM PDT by martin_fierro (< |:)~)
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly
I’ve been getting these. They masquerade as something to help with your computer security. Postini caught all but one before they even got to my pooter.
12 posted on 04/13/2007 11:14:27 AM PDT by colorado tanker
[ Post Reply | Private Reply | To 1 | View Replies]

To: rdb3; chance33_98; Calvinist_Dark_Lord; PenguinWry; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; ..

13 posted on 04/13/2007 11:16:22 AM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: bigbob

Gotta be fast around this place.


14 posted on 04/13/2007 11:18:15 AM PDT by techcor
[ Post Reply | Private Reply | To 9 | View Replies]

To: holymoly
Earlier today I got an email stating I was a "Winner". Mirosoft and AOL were giving out big cash prizes. I just needed to fill out some stuff and collect.

I informed them they should learn to spell Microsoft and that might help them with their scam.

I had thought they spelled it wrong on purpose to somehow avoid Microsoft Lawyers or something, but it was spelled correctly at the end of the email. They even had an MSN banner on top of the email.

15 posted on 04/13/2007 11:37:48 AM PDT by BallyBill (Serial Hit-N-Run poster)
[ Post Reply | Private Reply | To 1 | View Replies]

To: BallyBill
Earlier today I got an email stating I was a "Winner". Mirosoft and AOL were giving out big cash prizes. I just needed to fill out some stuff and collect.

My sister, who is completely ignorant of the internet, just sent me the same thing. I sent her back the above.

What I worry about is that she just bought a home computer and hooked up to Cox Cable for her internet service. I was trying to help her from afar as she couldn't figure out how to access stuff online. It turns out Cox was hit with a phishing memo that asked for personal information from cable customers. I saw that and told her about it. If she had seen it first, she would have dutifully filled out all the information, including her SS#, and sent it back to them. In this case ignorance is not bliss.

16 posted on 04/13/2007 12:15:14 PM PDT by CedarDave
[ Post Reply | Private Reply | To 15 | View Replies]

To: CedarDave

BUMP!


17 posted on 04/13/2007 12:31:34 PM PDT by Publius6961 (MSM: Israelis are killed by rockets; Lebanese are killed by Israelis.)
[ Post Reply | Private Reply | To 16 | View Replies]

To: holymoly
The virus then taps into a private peer-to-peer network where it can download new updates and upload personal information from the compromised compu

Shouldn't be that tough to trace where the updates are coming from, and where the personal information is being uploaded to.

18 posted on 04/13/2007 12:39:58 PM PDT by aimhigh
[ Post Reply | Private Reply | To 1 | View Replies]

E-mail users should be on alert for messages with "love"-related subject lines and an executable attachment that would contain a Trojan virus, as well as messages with "Worm Alert!" subject lines that contained a .zip file full of malicious code.

I'll try to remember to watch out for those now that I've been warned! lol

19 posted on 04/13/2007 2:30:07 PM PDT by KarinG1 (Opinions expressed in this post are my own and do not necessarily represent those of sane people.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: CedarDave
A couple of years ago my daughter had her connection disconnected. When she called Cox to find out why they told her her PC was being used as a BOT to send spam. Her daughter lived at home yet and she would click on any link offered.

She has an iMac now and Cox has sold out to a group of hog farmers from Nebraska calling themselves Suddenlink. I talked to a local IT supervisor yesterday and told him to tell management that if service didn't improve I would start letters to the editors of our two papers and I would call in to a local talk show.

20 posted on 04/13/2007 4:58:02 PM PDT by tubebender (Worry gives small problems big shadows)
[ Post Reply | Private Reply | To 16 | View Replies]

To: holymoly

Weird. A huge new malware outbreak, and I haven’t gotten a one. I feel bizarrely neglected.


21 posted on 04/13/2007 5:10:42 PM PDT by ReignOfError (`)
[ Post Reply | Private Reply | To 1 | View Replies]

To: holymoly

Excellent resource, thanks!!!


22 posted on 04/13/2007 5:55:15 PM PDT by herewego (Got .45?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ReignOfError
Weird. A huge new malware outbreak, and I haven’t gotten a one. I feel bizarrely neglected.

Don't feel bad. Those of us who've gotten off the Microsoft treadmill feel similarly neglected. We're used to it by now.

23 posted on 04/13/2007 10:23:42 PM PDT by zeugma (MS Vista has detected your mouse has moved, Cancel or Allow?)
[ Post Reply | Private Reply | To 21 | View Replies]

To: zeugma

Exactly... This affects my Suse Linux machine how? Oh, that’s right, it doesn’t...


24 posted on 04/13/2007 10:41:09 PM PDT by CodeMasterPhilzar
[ Post Reply | Private Reply | To 23 | View Replies]

To: zeugma

I’m all-Mac, for more than a decade, primarily Mac for almost two. I have XP in Parallels and I have Office for Mac, but it’s amazing how rarely I need or bother to launch either.

I could go completely Microsoft-free if I didn’t need to check the look of Web pages in Explorer for Windows, because that’s the grass most of the sheep are eating. I’m a firm believer in clean, standards-compliant code, but I’m also a firm believer in pages that look good for the largest possible number of people.

I wouldn’t touch Explorer or Outlook without a level-four biohazard suit, a 12-gauge with deer slugs close at hand, and a twelve-foot pole. Twelve. I wouldn’t touch Outlook with a ten-foot pole. That’s too close.

But when the latest virus is making the rounds, though I have no fear of catching it, I usually notice its spoor in my inbox or spam bin. Could it be that my friends and family have wised up? Hope springs eternal!

The last virus that kicked my butt was Swen. I wasn’t infected, and had no fear of infection. But Swen harvested its target list from Usenet archives, and back in the day I was very active on Usenet, using my real name and e-mail address. It was a more innocent time.

Swen had a 186K attachment to each e-mail. It was an almighty flood. It had enough crafty features that it managed to dodge my filters. If I didn’t log in and trash the Swen messages every 24 hours or so, my e-mail quota filled up and the people I actually wanted to be in contact with me got bounce messages.

The virus hit the day before my vacation. I didn’t have the time to refine my filters to block the flood. So I had to find someplace for a little while each day where I could log on and delete spam. Whoever launched that little weevil is owed a boot in his ass for screwing up my road trip.


25 posted on 04/13/2007 10:54:38 PM PDT by ReignOfError (`)
[ Post Reply | Private Reply | To 23 | View Replies]
