Friday, January 19, 2007

"Storm Worm" Hits Computers Worldwide

This bit of not-so-good news just in from c|
"Update: The new "Storm Worm" is baiting people with timely information about a real-life, deadly front in Europe and is creating one of the larger worm attacks in recent years, security researchers said Friday.

Over an eight-hour period Thursday, the worm sent malicious e-mails across the globe to hundreds of thousands of people, who unknowingly were part of a botnet, said Mikko Hypponen, chief research officer for F-Secure. A botnet serves as an army of commandeered computers, which are used by attackers to distribute malicious payloads without their owners' knowledge.

Storm Worm carries the subject line "230 dead as storm batters Europe," Hypponen said, noting the unusual twist to the e-mail.

"The e-mail was started 15 hours ago, when the storm was peaking in Central Europe," Hypponen said. "This is unusual in that it was very timely."

The attached file contains malicious code. That e-mail, via the botnet, has quickly spread the worm.

The worm is already close to being as large as the bigger ones of 2006, Hypponen said, though it's still smaller than Sasser and Slammer.

Hypponen also noted that the worm is unusual because most attacks these days tend to be smaller and targeted, as criminals seek to pilfer personal information for financial gain, rather than fame.

Though the worm is widespread, the damage may ultimately be minimal in the U.S. because most tech security companies will have already added the virus to their blocking list before people get into work, he added.

Other e-mail subject lines for the worm include "U.S. Secretary of State Condoleezza…" and "A killer at 11, he's free at 21 and..."

Hypponen told Reuters that most people would not notice the malicious software, which creates a back door to a computer that can be exploited later to steal data or to use the computer to post spam."

Don't be a victim. Use yer 'ed, mate.