The Storm Worm is proving to be among the most resilient, persistent pieces of malware ever. If you don’t remember, the Storm Worm first burst onto the IT Security scene in January 2007. The worm got it’s name because the first wave of propogtion spam that flooded inboxes had subject lines referencing a large storm that was pounding Europe at the time. Since then, the Storm Worm has morphed again and again, bringing an estimated 1.7 Million PCs into its Botnet in the process. Bot Herders have generally pushed the worm via a combination of emails containing links to worm infected websites. This of course means that IT must filter the worm at the email level and the browser level. Herders have also used infected zip file and excell file attachments to push the worm. Campaigns have varied: Virginia Tech Massacre, Greeting Card Spam, Password Protected Zip Files are just a few examples.
Currently, the Storm Worm herders are using emails with subject lines suggesting that the recipient is in a You Tube video. Anyone unsuspecting enough to click the link is taken to a malicious web page where they are attacked (and most likely infected) by the worm. Herders have also infected hundreds, possibly thousands, of Blogger Blogs with the malware.
This Storm just keeps on raging. An organization needs three elements to fight it: Robust email filtering. Robust web filtering. Security Conscious Employees that are trained to spot scams and not click on links or open attachments in suspect emails (the hardest part).