We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

New variant of Storm worm detected

Security researchers don't believe it will last very long

A new variant of the Storm worm, which first appeared in early 2007, has been targeting web users.

However, according to security researchers, it does not appear to be as well-designed as its older relative.

During its first outing, the Storm worm spread quickly, making it one of the most prolific and widespread worms ever.

Once it infected people's computers, the worm sent million upon millions of spam messages.

The Shadowserver Foundation, which tracks botnets, first received a sample of the new version of the worm on April 13, said Steven Adair.

The worm was then reverse-engineered by the Honeypot Project, which studies threats on the internet.

The new worm was found to be based on the old code, but some of the elements that made Storm difficult to disrupt were gone, according to a blog post from the organisation.

The new Storm doesn't communicate using a peer-to-peer system, a decentralised way to have computers infected with the code communicate with each other and receive new spam instructions.

That may be because researchers have been effective in disrupting peer-to-peer botnets, Adair said.

The new Storm communicates via HTTP traffic, but it is programmed to receive instructions from one IP address hosted by a server in the Netherlands.

The ISP hosting that server has been contacted, Adair said.

Since it is receiving instructions from just one IP address, it means the new Storm may not last that long, Adair said.

It is also not employing fast flux, which allows an administrator to quickly point a domain name to a new IP address, making it harder to shut down.

The new Storm "doesn't seem as resilient as the older version", Adair said.

It's not known how many computers may be infected with the new Storm.

Computers are believed to be getting infected through drive-by downloads, where a website attacks a user's computer looking for software vulnerabilities in order to deliver malicious software.

Adair said those websites delivering Storm via Neosploit, a toolkit used to attack a computer several different ways.

The worm is sending out pharmaceutical, adult dating and celebrity-related spam messages, wrote Ricardo Robielos III, a research engineer with CA.

He said it was sending out a "massive" volume of spam to targeted recipients.

See also: New Storm attack preys on Facebook users


IDG UK Sites

Best Christmas 2014 UK tech deals, Boxing Day 2014 UK tech deals & January sales 2015 UK tech...

IDG UK Sites

LED vs Halogen: Why now could be the right time to invest in LED bulbs

IDG UK Sites

Christmas' best ads: See great festive spots studios have created to promote themselves and clients

IDG UK Sites

Why Apple shouldn't be blamed for exploitation in China and Indonesia