'Storm' Spam Surges, Infections Climb - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Software // Enterprise Applications
02:58 PM

'Storm' Spam Surges, Infections Climb

Newer versions of the spam dumped more infected messages into in-boxes and duped an increasing number of users to launch the files and thus compromise their computers.

The "Storm worm" that blasted across the Internet late last week spread Monday as security companies repeated their warnings and raised alert levels to new highs.

Actually a Trojan downloader, the payload has been given a variety of names by antivirus vendors, including Peacomm (Symantec) and Troj/Dorf-Fam (Sophos). It arrives in widely spammed messages with several possible subject heads and as a number of differently named executable files.

Its nickname comes from one of the original spam subject heads: "230 dead as storm batters Europe."

After an initial spam blast early Friday that produced infections worldwide, the Trojan's impact fell sharply. Later spam runs, however, dumped more infected messages into in-boxes and duped an increasing number of users to launch the files and thus compromise their computers.

"This looks like a worm because of the volume of e-mail, even though it's a Trojan," says Dave Cole, the director of Symantec's security response team. "We're on spam run No. 4 now, with millions of messages having been sent so far."

The large volume of infected messages spammed so far prompted Cole's company to up the threat rating to a "3" in its 1 through 5 scoring system. The last time Symantec classified a piece of malware as a "3" was in late 2005, says Cole.

"But we've also seen a number of changes [to it]," says Cole as he justified the more dire rating. The attacker "is changing the enticements, changing some of the evasion techniques, too, including encryption."

On the enticement front, the weekend's runs have been loaded onto e-mail messages with a wider variety of subject heads, including such fanciful lines as "Chinese missile shot down USA satellite," "Sadam Hussein alive!," and "U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel."

"He's in a cat-and-mouse game. He's watching what we and other antivirus [companies] are doing and making adjustments," says Cole. The attacker's tactics include encrypting the peer-to-peer communication channel he's using to control the compromised PCs and rapidly modifying the packaging of the Trojan to evade detection and deletion.

As of Monday, the Trojan accounted for 8% of all infections globally. "That's not huge, but it's not small, either," says Cole.

Other security companies, including Finland's F-Secure, reported Monday that they were seeing rootkit cloaking techniques in some variants. Rootkits can hide malware's files and actions from security software. Sophos, meanwhile, said that it had detected the Trojan-laden spam originating from computers in more than 80 countries.

"It's not terribly sophisticated technically," says Cole, "but it's increasingly bigger."

Security vendors have recommended that users update their antivirus signatures and, if they're using anti-spam software, that defense as well.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
COVID-19: Using Data to Map Infections, Hospital Beds, and More
Jessica Davis, Senior Editor, Enterprise Apps,  3/25/2020
Enterprise Guide to Robotic Process Automation
Cathleen Gagne, Managing Editor, InformationWeek,  3/23/2020
How Startup Innovation Can Help Enterprises Face COVID-19
Joao-Pierre S. Ruth, Senior Writer,  3/24/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
IT Careers: Tech Drives Constant Change
Advances in information technology and management concepts mean that IT professionals must update their skill sets, even their career goals on an almost yearly basis. In this IT Trend Report, experts share advice on how IT pros can keep up with this every-changing job market. Read it today!
Flash Poll