[pchelpers] News:This worm is one quiet Storm

October 14, 2007
By JIM THOMPSON


It's January of 2007. Email users around the world are receiving
messages bearing the subject "230 dead as storm batters Europe".
Attached to the email is a small program with an innocuous name such as
"Full Story," "Read More," or "Click Here". If the recipient opens the
attachment, it silently contacts a peer-to-peer network, which it uses
to download and install a root kit. The root kit hides the malware and
enables it to load into Windows automatically. Then program does
something even more sinister...

Nothing.

It doesn't reformat the user's hard drive. It doesn't encrypt the user's
files. It doesn't even ask for a cookie. It just sits there, waiting for
orders from the Mother Ship.

Since this worm was discovered in January, it has been given a variety
of names. Symantec calls it Trojan.Peacomm. McAfee calls it W32/Nuwar@MM
and Downloader-BAI. F-Secure calls it Small.DAM and -- after the subject
line under which it first began to spread -- Storm Worm. According to
Symantec, the worm infects Windows 95, 98, Me, 2000, NT, and XP, though
not Vista.

A fascinating analysis by security expert Bruce Schneier offers some
insight into how and why Storm does what it does.

More here:
http://blogs.chron.com/techblog/archives/2007/10/is_this_worm_the_perfect_storm.html
-- 
John Durham
Site http://modecideas.com
Server hosted on Ubuntu 4.10
Good advice is like good paint. It only works when applied.



-- 
-------list-services-below-----------
Regards, John Durham (list moderator) <http://modecideas.com/contact.html?sig>
Freelists login at http://www.freelists.org/cgi-bin/lsg2.cgi
List archives at http://www.freelists.org/archives/pchelpers
PC-HELPERS list subscribe/unsub at http://modecideas.com/discuss.htm?sig
Latest news live feeds at http://modecideas.com/indexhomenews.htm?sig
Good advice is like good paint- it only works if applied.

Other related posts: