This “storm worm”, as it’s being referred to colloquially, is quite nasty, and it is actively circulating. Also, F-Secure has reported that it’s started using rootkit technology.
It spreads by email and puts current events in the subject line, as F-Secure describes:
- Russian missle shot down Chinese satellite
- Russian missle shot down USA aircraft
- Russian missle shot down USA satellite
- Chinese missile shot down USA aircraft
- Chinese missile shot down USA satellite
- Sadam Hussein alive!
- Sadam Hussein safe and sound!
- Radical Muslim drinking enemies’ blood.
- U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
- U.S. Southwest braces for another winter blast. More then 1000 people are dead.
- Venezuelan leader: “Let’s the War beginning”.
- Fidel Castro dead.
- Hugo Chavez dead.
And the attachment names are:
- Video.exe
- Full Video.exe
- Read More.exe
- Full Text.exe
- Full Clip.exe
There are other .exes it will use. These types of attachments are always a security risk, and blocking them is just a fine idea.
Alex Eckelberry
(Hat tip to Ferg)
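One way to apply the blocking advice in a mail gateway hook or triage script, as an added example that is not part of the original post: it parses a message with Python's standard `email` package and reports attachments whose final extension is executable. The extensions beyond `.exe`, the function names and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions treated as executable. Only .exe comes from the post;
# the rest are an assumed starting list to extend per site policy.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def executable_attachments(raw_message: bytes) -> list[str]:
    """Return the filenames of attachments whose final extension is blocked."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    hits = []
    # walk() also descends into nested multipart and forwarded messages.
    for part in msg.walk():
        filename = part.get_filename()  # decodes RFC 2231 / encoded names
        if not filename:
            continue
        # Windows ignores trailing dots and spaces, so "Video.exe." still runs.
        normalized = filename.strip().rstrip(". ").lower()
        dot = normalized.rfind(".")
        # Only the last extension decides how the file is opened, so
        # "invoice.pdf.exe" is flagged and "photo.exe.jpg" is not.
        if dot != -1 and normalized[dot:] in BLOCKED_EXTENSIONS:
            hits.append(filename)
    return hits


def build_sample(subject: str, attachment_name: str) -> bytes:
    """Build a constructed test message with a harmless placeholder payload."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = subject
    msg.set_content("See attached.")
    msg.add_attachment(b"not a real binary", maintype="application",
                       subtype="octet-stream", filename=attachment_name)
    return msg.as_bytes()


if __name__ == "__main__":
    sample = build_sample("Fidel Castro dead.", "Full Video.exe")
    print(executable_attachments(sample))
```

Matching on the extension rather than on the listed names is deliberate, since the post notes the worm will use other .exes as well.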