Consumer Alert: Massive Virus Outbreak

[QUOTE]A huge virus surge of a new Storm Worm variant is flooding e-mail inboxes and evading many antivirus programs. In my tests of 31 programs, only four reported a virus…
[/quote]
http://www.pcworld.com/article/id,130686-c,virusesworms/article.html

I hope Awil is on top of this.

Edit:

I just got this alert from Symantec.

“As of April 12, 2007, Symantec Security Response is monitoring a massive surge of email spam containing the threat Trojan.Peacomm (also known as the Storm Trojan). This spam campaign is one of the largest identified in recent months. This threat was originally discovered in January 2007 but has been repackaged in this particular spam surge. The specific characteristics of this attack have continued to evolve over time and this is simply the latest example of the attackers attempting to compromise large numbers of unprotected systems. This trojan horse arrives as an attachment to an email purporting to contain a security patch. The email appears to warn the user about a malicious threat and implies that the file attachment is a security patch that will protect the user from this threat. However, the attachment itself is a malicious threat.”

People should be on top of this and exercise a degree of common sense: don’t open attachments or click on links from unsolicited emails. There will always be new attempts to dupe people to click on links or open attachments.

The security patch social engineering one seems to reappear shortly after Patch Tuesday. People have to know security updates are disseminated in this way, and they have to ask: how did they know I needed it, and how did they get my email if I didn’t subscribe to this type of service?

The biggest test of all, the human brain/common sense, should be able to see off these social engineering attempts to infect their system.

http://blogs.authentium.com/virusblog/

The Command antivirus team has a good blog entry on the latest virus outbreak.

Thanks for the heads up on this one. :wink:

‘Storm Worm’ surge exposes AV deficiencies
http://blogs.zdnet.com/security/?p=165
I spent a good portion of my day watching the Storm worm mutate from EXEs being spammed through to ZIP files in password protected bodies. This is a change in tactics for the Storm Worm team and has proven to be effective at evading AV. The Storm Worm is malware designed to install spammer toolkits.

http://asert.arbornetworks.com/2007/04/storm-worm-gifs-passwords-zips-and-alerts/

Be they zip or password-protected zip file attachments, the mark 1 human brain really should be able to know better than to open attachments or click links in unsolicited emails.

Unfortunately there are many who click first and think after the dark and sticky stuff hits the fan.

Hi malware fighters,

This new variant of the Storm-worm (actually it is a virus) lies hidden inside an encrypted zip-archive. This makes it more difficult for security software to detect it. Only KAV seems quite successful in detecting all variants.

The zip-file is sent as an email attachment with some subject like ‘Worm Alert’, ‘Virus Alert’, ‘Worm Activity Detected’ or any variant thereof. Apparently the mail is meant to look like a malware-outbreak alert and advises the user to install the attachment that comes with it. The password to do this is in an attached image file.

Upon opening the file the PC is infected and then opens up a malware connection to a p2p-network, sending passwords and other critical personal data. Furthermore, additional malware can be downloaded to turn the machine into a zombie computer.

As researcher Johannes Ullrich from the Internet Storm Center states, it is very difficult to cleanse the infection. “Probably users have nothing left but to completely reinstall their system”. Also the fact that the malware uses a p2p-network and no server is an additional handicap. It is frustrating to see that this kind of malware, where users should actively install malware, is still successful. “There is no patch for someone without a brain!”

polonus
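
Added example, not part of any post in this thread: a mail-triage sketch in Python that flags the delivery pattern described in the last post (alert-themed subject, encrypted ZIP attachment, accompanying image). The function names, addresses and sample message are constructed for illustration; the sample ZIP is harmless and only has its "encrypted" flag bit set.

```python
import email, io, zipfile
from email import policy
from email.message import EmailMessage

# Subject lures quoted in the post above.
LURES = ("worm alert", "virus alert", "worm activity detected")

def zip_is_encrypted(data: bytes) -> bool:
    """True if any archive member has general-purpose flag bit 0 (encrypted) set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return False  # not a ZIP at all (e.g. the image attachment)

def triage(raw: bytes) -> list[str]:
    """Return which of the indicators from the post this message matches."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    if any(lure in (msg["Subject"] or "").lower() for lure in LURES):
        hits.append("alert-themed subject")
    parts = list(msg.iter_attachments())
    if any(zip_is_encrypted(p.get_payload(decode=True) or b"") for p in parts):
        hits.append("encrypted zip attachment")
    if any(p.get_content_maintype() == "image" for p in parts):
        hits.append("image attachment (possible password carrier)")
    return hits

def build_sample(subject: str, encrypted: bool) -> bytes:
    """Constructed test message: harmless ZIP plus a stub GIF attachment."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "constructed sample, not malware")
    data = bytearray(buf.getvalue())
    if encrypted:
        # Set flag bit 0 in the central directory header (flags at offset 8),
        # which is the copy zipfile reads; real encrypted ZIPs also set it in
        # the local file header.
        data[data.find(b"PK\x01\x02") + 8] |= 0x1
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, "a@example.test", "b@example.test"
    msg.set_content("constructed body")
    msg.add_attachment(bytes(data), maintype="application", subtype="zip",
                       filename="patch.zip")
    msg.add_attachment(b"GIF89a", maintype="image", subtype="gif", filename="pw.gif")
    return msg.as_bytes()
```

Scanners cannot inspect the contents of an encrypted archive without the password, so the check keys on the combination of indicators rather than on the payload.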