Ask the Expert

Is the Storm worm virus still a serious threat?

It seems that variants of the Storm worm are still a significant threat. Do you agree, and what should be done by the industry and individual organizations to stop variants of the Storm worm?


Storm is one of those lingering worms that frequently gets tweaked and gains new functionalities. Originally unleashed in January 2007, this worm spreads primarily as an executable email attachment. This malware has infected over one hundred thousand machines. It gets its name from the title of the original email, "230 dead as storm batters Europe," which referred to a vicious winter storm that hit Europe in January as the worm was launched. The email exhorts users to click on the attachment to learn more about the big storm. When run, the attachment installs a bot on the victim's computer, which gives the attacker remote control over that machine -- a pretty straightforward attack that is certainly very common today. After all this time, too many users run executable email attachments.

Even when the original Storm worm was quickly added to antivirus filters, the attacker began to change it. Major new variations were released in February and April 2007, with subtle tweaks still going on today, such as putting the .exe attachment inside a password-protected ZIP file (with the password included in the body of the email). Despite these run-of-the-mill tactics, attackers are still using them to successfully build even bigger botnets.

How can we deal with this? I believe that we need major educational awareness campaigns, not just for corporations and government agencies, but for the public, telling folks to keep their systems patched and to not run .exe email attachments. Corporate security awareness initiatives often get pooh-poohed as ineffective, but what is really needed is a national effort to educate the public, possibly like the McGruff campaign from the National Crime Prevention Council. During a time when crime usually involved physical theft, the campaign emphasized the importance of locking doors and reporting suspicious activity. Today, a good deal of crime is computer-based, and we as an industry need to educate the public accordingly.
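The password-protected ZIP variant mentioned above can still be screened at a mail gateway, because traditional ZIP encryption hides file contents but not entry names. The following is an added example, not part of the original answer; the extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email, email.policy, io, re, zipfile
from email.message import EmailMessage

# Assumed block list for this example; the page itself names only .exe.
RISKY_EXT = (".exe", ".scr", ".pif", ".com")

def inspect_message(raw: bytes) -> list[dict]:
    """Return one finding per ZIP attachment that lists an executable entry."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    findings = []
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        # Traditional ZIP encryption protects file contents only; entry names
        # in the central directory stay readable without the password.
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            entries = zf.infolist()
        exes = [e.filename for e in entries
                if e.filename.lower().endswith(RISKY_EXT)]
        if exes:
            findings.append({
                "attachment": part.get_filename(),
                "executables": exes,
                # General-purpose flag bit 0 marks an encrypted entry.
                "encrypted": any(e.flag_bits & 0x1 for e in entries),
                # Heuristic: the body hands the reader a password.
                "password_in_body": bool(re.search(r"\bpassword\b", text, re.I)),
            })
    return findings

def build_sample() -> bytes:
    """Constructed message: dummy 'ecard.exe' in a ZIP whose encryption flag is
    set by hand (the bytes are not really encrypted; only metadata is read)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("ecard.exe", b"placeholder bytes, not a program")
    z = bytearray(buf.getvalue())
    z[z.index(b"PK\x01\x02") + 8] |= 0x01   # flag field of central directory entry
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("Open the attachment. The password is 12345")
    msg.add_attachment(bytes(z), maintype="application", subtype="zip",
                       filename="card.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

A gateway can quarantine on `executables` alone; `encrypted` together with `password_in_body` matches the specific packaging the answer describes.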

More information:

  • See how a variation of the Storm Trojan used blogs to spread rootkits.
  • Learn about January's Storm worm attack.
This was first published in July 2007.