


Storm Trojan Worm evolves and creates Havoc on the Internet, warns SecureWorks

Saturday, August 4th, 2007 | Related entries: Internet, Security

There’s a new worm on the loose, but unlike the trivial MP3-eating one that we reported on yesterday, this one is called the Storm email worm and is casting an expanding shadow on the Internet.

SecureWorks, the largest managed information security services provider, announced that it has noticed an onslaught of Storm Worm attacks in the last two months.

According to Joe Stewart, Senior Security Researcher for SecureWorks, “From the first of January to the end of May, we only saw 71,342 Storm attacks. However, since June we have blocked 20,200,101 Storm attacks.”

But this worm is not new to the cyber world, as it first spread to email inboxes in Europe and the US in January 2007 and then again in April this year, enticing recipients to click on a link for a fake news story about a deadly storm or some other dramatic event. Clicking the link turned the recipient’s PC over to Storm’s controller.

Soon after, when security companies began blocking such emails, Storm started sending out links to e-cards that purported to be from close friends or family.

Ben Greenbaum, senior researcher at antivirus supplier Symantec, describes this as “the perfect example of the cat-and-mouse game where the author modifies the threat to stay ahead.”

“The number of unique, infected hosts (bots), from which the attack is being launched by email, has also increased dramatically,” said Stewart. “They went from 2,815 in the beginning of 2007 through the end of May to a total of 1.7 million for the months of June and July,” Stewart explained.

“Storm has historically been used for spam but the hacker, controlling the Trojan, has amassed so many infected hosts in the botnet that its network can easily support activities other than spamming,” said Stewart.

“We don’t know the motive of the Storm author; however one possible theory could be that the hacker plans to use the Trojan for more malicious activity than sending spam. It could be that the hacker is rapidly building up the botnet so it can be leased to other hackers so that they can launch massive attacks against whatever target they choose: an organization, country, etc. More than ever, it is critical that organizations and home computer users put protections in place to block the Storm Worm Trojan.”

The best defense against the Storm worm for corporate as well as home computer users is to be aware of the scams connected to the Storm Trojan, which include emails containing links to fake e-cards from supposedly near and dear ones as well as news stories that highlight catastrophic events.

Stewart warns, “The Storm Trojan relies on social engineering as its best ally so it is really important that computer users keep their guard up and be suspicious of any unsolicited email containing an attachment or a link. Even if it mentions something you are familiar with or promises some sort of critical data, always check with the sender to see what it is and why they sent it.”

Yet another way that computer users can protect themselves from the Storm Trojan worm is to block peer-to-peer networking. “When the Storm Trojan runs, it attempts to link up with other infected hosts via peer-to-peer networking,” said Stewart. “If that function is blocked, then the user’s computer cannot become a part of the Storm botnet.”

And, in order to protect their corporate computer users from threats such as the Storm worm, organizations must hire an in-house security team or even a managed security services firm. These teams employ experts who can track and block threats coming in via email, the Web or instant messaging.

Lastly, Stewart also advises users to keep their anti-virus software up to date, and he once again stresses the need to be cautious of any email attachment or link, even if it appears to be from a familiar source.
