Storm malware still blowing strong

Storm malware still blowing strong


One year on and no sign of fading away

The 2007 Global Threat Report from Bratislava-based security firm ESET has highlighted the huge success of the Storm worm.

The report looked at the social engineering tactics used over the past 12 months and the duration of each technique.

ESET believes that malware authors closely monitor the effectiveness of each ploy in an attempt to aid propagation and infection.

"Storm is a good example of a modern threat that uses advanced technology to infect PCs and maintain its foothold on compromised systems by any means available," said Andrew Lee, chief research officer at ESET.

"It is unique in that its programmers, and the bot-masters they work with, are paying a great deal of attention to maintaining the botnet, releasing frequent updates to evade detection by anti-malware and intrusion detection systems."

A sign of Storm's sophisticated structure and self-updating mechanism is that different components are detected under several different names, even by a single security product.

The Global Threat Report noted that computers running Microsoft's Windows were not the only target during 2007, and that October saw one of the first attacks targeting Apple machines running Mac OS X.

The malware attack targeting OS X resembled W32/Zlob, but was rudimentary compared to cutting-edge Windows malware.

Despite the emergence of more complex threats in 2007, older types of malware such as mass mailers are still circulating in vast quantities.

A sample of 4,251 million emails monitored by ESET from 1 January to 10 December 2007 found that 33.8 million carried malicious content such as a malware attachment or a link to a website containing malicious code.

The most prevalent email-borne threat was malware that closely resembled Win32/Stration.XW (aka Warezov or Stration) which has been around since mid-2006.

Win32/Stration.XW is used to send unsolicited emails and often arrives as an attachment which tries to disguise itself as a normal text file by modifying its own icon.

ESET saw variants of Stration during 2007 that also used MSN Messenger or Skype to send copies of themselves.