Storm worm anniversary brings fresh variants

Summary: A year after the first Storm worm attack, security companies have warned of more variants being sent out in spam.

The anniversary week of the first Storm worm attack has brought warnings of more Storm variants being sent out in spam.

The attacks are using variants of malicious code known as Troj/Dorf-AP by Sophos and Trojan.Peacomm.D by Symantec.

Sophos researchers believe the spam run is an attempt to dupe users into downloading backdoor code, which will then download further malicious code from the internet.

The social-engineering technique attempts to trick users into clicking on a link in a "Valentine's Day" email, according to a Sophos blog post.

"The body of the email contains a link to an IP-address based website, which is actually one of the many compromised PCs in the Storm botnet," said Sophos. "The website displays a large red heart, while installing malware onto the visitors' PC."

Symantec researcher Hon Lau said that a spam run attempting to exploit St Valentine's Day was perhaps premature.

"I don't know about you, but I feel that this campaign has started a little bit too early," wrote Hon in a blog post. "Maybe the Peacomm creators feel that they need a head start this time, since they started a bit late on their Christmas 2007 campaign. After all they don't want to miss the boat when it comes to gathering more bots for their network."

The original Storm worm code, so named because the first spam run coincided with a severe winter storm in Europe, will reach its first anniversary on 19 January.


About

Tom is a technology reporter for ZDNet.com, writing about all manner of security and open-source issues. Tom had various jobs after leaving university, including working for a company that hired out computers as props for films and television, and a role turning the entire back catalogue of a publisher into e-books. Tom eventually found tha...
