backtop

Internet "Storm Worm" Virus Hits Computers Worldwide
Tuan Nguyen (Blog) - January 19, 2007 9:24 AM
Print E-mail del.icio.us 67 comment(s) - last by Frosen.. on Jan 25 at 12:10 AM
New virus plays on humanity concerns of email recipients

Finnish data security company F-Secure told reporters today that a computer virus called "Storm Worm" was sent to hundreds of thousands of email addresses globally. Knowing how many e-mail users do not blind-copy (BCC) their friends when sending mass e-mails, the numbers could be much higher. According to F-Secure, "Storm Worm" is spreading very quickly.

Representatives from F-Secure said "the Small.DAM (Storm-Worm) we posted on earlier spread very fast during the night, Helsinki time. The heavy seeding through spam was quickly obvious on our tracking screens. The worm was spread throughout the world very rapidly." The actual virus is called Small.DAM and at this time the origin of the virus is unknown.

F-Secure indicated that those who receive any of the following lines in the subject line of an email are likely recipients of the "Storm Worm" virus:

  • 230 dead as storm batters Europe.
  • A killer at 11, he's free at 21 and...
  • British Muslims Genocide
  • Naked teens attack home director.
  • U.S. Secretary of State Condoleezza...

The virus also comes with one the following attachments:

  • Full Clip.exe
  • Full Story.exe
  • Read More.exe
  • Video.exe

As of now, F-Secure advises that users act cautiously when working with their email, use common sense and have anti-virus measures installed. "Storm Worm" is a trojan and will allow an infected computer to be remotely controlled for malicious purposes such as a denial-of-service attack or data theft.

Comments     Threshold


This article is over a month old, voting and posting comments is disabled
Idiots?
By Spivonious on 1/19/2007 10:59:15 AM , Rating: 5
Ooh it says "read more.exe" that must be a link to a webpage. People are idiots if they think that .exe means "website". Just goes to show that some form of computer license is needed to be able to use a computer.




RE: Idiots?
By codeThug on 1/19/2007 11:30:09 AM , Rating: 5
let's see...

don't kick the dog
don't pee on an electrical fence
don't put your tongue in a light socket
.
.
.
and DON'T click on .exe's in email

hell, that's too much to remember...


RE: Idiots?
By Frosen on 1/19/2007 3:15:50 PM , Rating: 3
I get the point, but peeing on an electrical fence is just a myth. You won't get hurt at all. you're right though it's really tough to remember that exe means application, it's not like every program you've ever run had that extension. Oh wait a minute...


RE: Idiots?
By feelingshorter on 1/19/2007 6:33:41 PM , Rating: 2
The myth is true, from watching Mythbusters. Peeing on an electric fence is not a myth. You can, and do, get shocked peeing on an electric fence at close range.


RE: Idiots?
By TomZ on 1/19/2007 7:00:55 PM , Rating: 2
Voice of experience? :o)


RE: Idiots?
By Frosen on 1/25/2007 12:10:12 AM , Rating: 2
I did it. No shock. Was maybe a foot and half away. And the fence was live, we tried putting LED's on it (bad idea by the way). If you remember from the show, the circumstances they set up for someone to get a shock were such that them happening at the same time was so extrodinarly unlikely that one could say impossible. If i remeber correctly they deemed it plausiable and not confirmed.


RE: Idiots?
By Seymourbbuts on 1/19/2007 11:07:52 PM , Rating: 2
Have you not seen the CKY movies? I believe it is in the first one when Chris Raab pees on the electric fence and it shocks the crap out of him.


RE: Idiots?
By Chase Tacos on 1/22/2007 2:02:16 PM , Rating: 2
Lol CKY kicks ass. JTLYK


RE: Idiots?
By darkavatar on 1/19/2007 1:34:30 PM , Rating: 5
These days, most kids don't know what all those .exe/.jpg/.rar means since explorer hides them by default in winXP, which I think is a pretty bad idea.

(actually, I think a few of my classmates back in high school doesn't know either.....)


RE: Idiots?
By AppleMaster on 1/19/2007 3:00:12 PM , Rating: 5
quote:
(actually, I think a few of my classmates back in high school doesn't know either.....)


I think you need to go back to high school.


RE: Idiots?
By Lazarus Dark on 1/19/2007 9:53:18 PM , Rating: 2
Huh. yknow, I had never thought of that. Of course, when starting a new build of xp, one of the first things I do is enable showing file extensions. But a lot, if not most, probably dont mess with even simple things like that. How the hell do you even use a computer without seeing extentions? I can't even imagine. Maybe those mac people have a point about regular people need a dumbed down os to do everything for them.


RE: Idiots?
By Christopher1 on 1/19/2007 10:29:41 PM , Rating: 2
Well, Windows XP now ASKS you if you really want to open this program file when you open an EXE in an e-mail or even just on your desktop.

It even TELLS you that it is an application and not a web link, so anyone with half a brain who knows how to read at a KINDERGARTEN level shouldn't get zapped by this virus.


RE: Idiots?
By Wightout on 1/20/2007 3:47:01 PM , Rating: 2
Your OS and a lot of programs give you a lot of different warnings. Doesn't mean everyone reads them. Do you honestly go thru every disclaimer or waring your computer throws at you, or before you sign on to something by hitting "OK" or "Accept"?

People see an error report, or a warning box and they look for the "OK" or "Accept" button.

The problem is that these boxes come up a whole lot and thus people start ignoring them. It is the whole boy who cried wolf scenario. Not that i can think of a better way o get this done. =/

What hits people the worst is that these tend to come from friends and family. And you can trust your friends and family right? (Sarcasm =P)


RE: Idiots?
By othercents on 1/19/2007 2:07:10 PM , Rating: 1
Yes, but most viruses are written to launch when the email opens. Many times these auto launching viruses bypass some of the safety mechanisms built into Outlook. Granted if your using Hotmail or Yahoo you should be fine since they will keep you from downloading those files. However if you are a business you need to make sure that those emails are deleted before they get into an employee mailbox. Otherwise employees will just open the email which will automatically launch the virus.

Other


RE: Idiots?
By kkwst2 on 1/19/2007 5:26:44 PM , Rating: 3
AFAIK, all recent versions of Outlook will not automatically launch attachments on opening. In fact, I'm pretty sure it won't even display images automatically by default. It certainly doesn't auto-launch .exe files by default.

If you try to launch an .exe, it warns you by default.

To sum up, you're wrong [good-natured jab].


RE: Idiots?
By mindless1 on 1/19/2007 5:46:13 PM , Rating: 2
"Recent versions"? Then all we need to do is close down the company that made all the prior defective versions then refused to patch them to close this exploit.

Nobody should EVER buy a recent version of software from the same company to fix such a horrible flaw. It is an insult that any newer versions of Outlook are allowed to exist at all for profit.

Most savvy computer users know better (than to open these), but we are not talking about a savvy computer user application, we're talking about software the entire world plus dog had thrust upon them and it MUST be safe for even the old, the very young, the mentally handicapped, etc, etc, etc. In retrospect any kind of problem could be avoided, but nobody is perfect, outside of email everyone makes some kind of minor mistakes from time to time. MS should also be allowed to make mistakes, but not to leave them unpatched.


RE: Idiots?
By TomZ on 1/19/2007 5:57:33 PM , Rating: 2
Your logic is wrong. Ancient versions of software like Outlook did not know about viruses, since they were written before viruses were widespread and a threat. Since this type of security is a new software requirement and product feature, it is entirely reasonable for Microsoft to add this feature in new versions and expect customers to pay for upgrades.

Finally, I don't know of any version of Outlook that automatically executed EXE attachments, ever. If anything, the past few versions of Outlook have been particularly (overly?) proactive in that they block EXE file attachments entirely. AFAIK, there is no way for the end user to even access such an attachment type.


RE: Idiots?
By Christopher1 on 1/19/2007 10:32:15 PM , Rating: 2
I have to agree about the "viruses being a new threat" thing.

It is totally acceptable for Microsoft to want you to buy a new version of the software in order to get new protections against viruses. Viruses are a extremely new thing really, only in the past 5 years have they become a true problem.


RE: Idiots?
By mindless1 on 1/22/2007 5:30:29 AM , Rating: 2
You are arbitrarily ignoring what a virus is and how it's launched. There is no need whatsoever to classify the code as "bad", "virus", etc. There is no valid classification about what Outlook knows about. It is a more glaring glaring flaw that the email client has any option to run external code.

This is not at all a "new software requirement", you are out of your mind. Email borne viri have been around for several years, certainly before Office 95.

It is a bit of a joke that you act as though this is a NEW threat? Where in the world have you been? Obviously not using email very much. Granted a few years ago you wouldn't expect to get dozens of copies of a virus per day, but once in a while was not uncommon, and it only takes ONE to get infected, particularly if the recipient wasn't wise to the risks.

It's not just about blocking EXE, it's about ability to run external code. Lots of exploits arent the cut and dry send-EXE-wait-for-user-to-open. It does account for a lot of them but the underlying problem, and solution, is not restricting access to certain file types, it's removal of the underlying functionality. Restricting access prevents normal use (like saving the file instead of opening) while preventing code execution works.

If you want some separate limited rights sandbox for greeting card type presentation purposes, ok, let that be a default-disabled function a user can enable after it's been fully tested, not against some stereotypical virus but against external code execution.

Again, nobody should be buying newer versions of Outlook, they deserve the version they already had to be patched against this obvious defect. If you volunteer to keep funneling money into companies that don't care about your security except to the extent it helps them sell more product as a marketing feature, go ahead and spend your money any way you want to, but it is rather ludicrous for you to pretend that this subjective choice you make, somehow supercedes someone else's subjective choice not to do it.


RE: Idiots?
By AstroCreep on 1/19/2007 3:00:32 PM , Rating: 3
I work support in a corporate environment (blue-collar service-type of company), and you'd be surprised at the stupid amount of things people do on/with computers; things that would be classified as 'remedial' to a fairly competent computer user. And unfortunately we don't require any of our potential workers to complete a 'computer-competency' type of test before they are hired, nor do we really provide any kind of training (except for apps/systems that are new to the company).
Luckily, our e-mail filters at two-levels before hitting the client, so any 'blocked' file type won't (shouldn't) get through.
We don't block out .doc, .xls, or .zip, however, but being as how the bad-guys have found ways to use them maliciously, users are still at a risk.

"Hey, I opened an e-mail...it said AnnaKournikovaNude.zip, and now my computer won't run Internet..."

Yup, I handled a call like that once. Followed by another e-mail by the same user simply titled 'Uh-oh...'. :(


RE: Idiots?
By TomZ on 1/19/2007 6:10:30 PM , Rating: 2
I've seen this, too. The attitude is that the user can take more risks than they would otherwise, since they can always call the IT help desk and get someone to re-image their PC in case something bad happened. Pretty lame if you ask me.


RE: Idiots?
By frobizzle on 1/19/2007 5:24:15 PM , Rating: 3
The problem is that Microsoft in their infinite wisdom(???) decided that by default, file extensions are turned off in Windows. The way a lot of viruses use that is simple. Take a file and name it funstuff.html.exe Windows gratiously strips off the actual executable extension name, so Mr. or Mrs. Average User sees funstuff.html . This looks (to them) like a harmless web link and not a dangerous executable so CLICK! and now all sorts of nasty things are running on their PC.


RE: Idiots?
By TomZ on 1/19/2007 6:01:43 PM , Rating: 2
Most users can't even discern between the virus potential of one file extension versus another, so hiding or showing file extensions has no material affect on virus execution. For example, does the average Windows user knows whether CHM is a safe or unsafe file type? Is PDF always safe? How about JPG or GIF? Not that clear, is it?

What is important in Windows is the functionality added around WinXP SP2 that warns users before they execute downloaded EXEs and other potentially harmful file types.


RE: Idiots?
By mindless1 on 1/19/2007 5:41:36 PM , Rating: 1
Nope, it just does to show how negligent certain email app producers were to allow launching EXE. These email programs account for the majority of viri and should have been recalled, banned.


RE: Idiots?
By TomZ on 1/19/2007 6:05:32 PM , Rating: 2
What logic allows you to blame the e-mail software publisher for that problem? Why not also blame the ISP, or the Internet itself? How about the OS? The Ethernet device driver? They all also enabled the virus?

By your logic, you would blame gun manufacturers for muder, right?

Finally, hate to break it to you, but there are legitimate reasons to e-mail EXEs. Just like guns - it can be used for good or evil. A total ban is not a solution.


RE: Idiots?
By mindless1 on 1/22/2007 5:15:35 AM , Rating: 2
logic - unnecessary feature that should not be allowed, severe security risk

The ISP doesn't open EXEs on your system, if it did I would certianly blame them. Neither does the "internet".

You are horribly confused when thinking about things that transfer data rather than RUNNING CODE.

The gun manufacturer reference is ridiculous but we both knew that already. If an average person didn't mean to fire a weapon and it fired, yes I'd blame the gun manufacturer and the weapon should be recalled.

Finally, hate to break it to you, but I never wrote that there weren't legitimate reasons to email EXEs, rather there are obvious reasons not to have email clients running them.

A total ban of email clients that have any functionality to run EXEs is definitely one giant leap towards wiping out viri. Paring back the functionality of the browser would help a lot too, but there are more legitimate uses for the browser ActiveX, Java, etc, than there are for email clients being able to run applications.


RE: Idiots?
By KaiserCSS on 1/19/2007 10:12:35 PM , Rating: 2
Here's a tip for easy instruction!

.exe = a shorter version of the word "executable". When you "execute" a program in computer-jargon, you are starting an application.

I can guarantee that people will still stare at you with a blank face... some people are just too plain ignorant these days. Hell, I taught myself a lot of what I know about computers through the internet. And, to be frank, that's quite a bit.


I'M ON A MAC
By uberfu on 1/19/07, Rating: 0
RE: I'M ON A MAC
By Natfly on 1/19/2007 1:14:36 PM , Rating: 2
Good for you, and linux users don't have to worry about it either. And actually, the windows users that aren't total idiots don't need to worry about it either. I received one today that automatically got filtered as spam/virus anyway, although it was hard resist opening Video.exe on the miniscule chance that it actually was naked teens attacking a home director.


RE: I'M ON A MAC
By FITCamaro on 1/19/07, Rating: 0
RE: I'M ON A MAC
By Natfly on 1/19/2007 1:33:23 PM , Rating: 3
Teen does not mean underage.


RE: I'M ON A MAC
By AppleMaster on 1/19/07, Rating: -1
RE: I'M ON A MAC
By Natfly on 1/19/2007 3:04:46 PM , Rating: 2
18/19 = underage?
Also, it was a joke.


RE: I'M ON A MAC
By Hare on 1/19/2007 5:21:36 PM , Rating: 2
quote:
I'd prefer a video of all Macs on earth exploding so Mac users shut up.

There are stupid mac enthusiasts. Just like there are stupid Intel, AMD, Ati or nVidia enthusiasts. Don't label people just because a minority of them act like complete idiots.

I own both, macs and pcs and both have their weaknesses and strong sides. Which one is better? Depends on the user and usage. Let's just all try to get along ;)


RE: I'M ON A MAC
By TomZ on 1/19/2007 6:08:37 PM , Rating: 2
quote:
There are stupid mac enthusiasts. Just like there are stupid Intel, AMD, Ati or nVidia enthusiasts. Don't label people just because a minority of them act like complete idiots.

Apple's, and Jobs', arrogance is what makes Mac enthusiasts more annoying than enthusiasts for other brands, IMO.


RE: I'M ON A MAC
By Hare on 1/20/2007 4:35:43 AM , Rating: 2
Have you looked at advertisement from any other companies than Apple? Respected companies like Sun. "This thing won't melt your server room like the Intel servers".

Mercedes
"Finally a BMW that goes smoothly". On the picture there's a 5-series BMW on a Mercedes 18-wheeler.

What do you think about the scandal at HP or the investigations going on at Intel about Intel pressuring smaller companies?

I understand that Jobs might seem arrogant but I personally just find him charismatic and only slightly arrogant. You can't really question his vision or what he has done at Apple.

There are many companies that are a lot worse than Apple. Some of the claims (specifically in the G4 era) have been just stupid but these things should always be taken with a grain of salt. Apple is not alone boasting the figures. Take a look at home theater equipment. Philips is selling 500W amplifier and speakers for 99$. Yeah right...

The point of this rant was: Every single company has qualities that might annoy someone and no one is 100% honest and out there just to please the crowd instead of making a profit.


RE: I'M ON A MAC
By mindless1 on 1/22/2007 5:38:28 AM , Rating: 2
It is possible to build a 500W Class-D amp and some crappy speakers for $100.

I can't help but think your logic is all wrong, that having one company put out deceitful specs is not an acceptible excuse for another company to do same.

"But officer, by neighbor robbed a bank so why can't I?"


RE: I'M ON A MAC
By othercents on 1/19/2007 2:16:09 PM , Rating: 2
You know the day is going to come when all the PC users are going to say "I'm on a PC" as the Mac users try to figure out what happened to their undestructable computer.

Basically people write viruses for the biggest market. Right now it is PC, but as PC users get smarter and use more virus protection I'm sure people will start writing for Macs instead.

Other


RE: I'M ON A MAC
By Hare on 1/20/2007 4:42:07 AM , Rating: 2
Are you serious?

You sound like an old granny. "Mark my words. There will be a day when you'll be sorrryyyyy". Mac's don't have viruses NOW. Mac's will never have a similar virus threat that Windows machines have.

The mac is a challenge to many blackhats because it's so secure. You can bet your wallet that people have tried writing viruses for macs. The problem is that Mac users run their apps in sandboxes and viruses can't do anything without users actually granting the virus root/admin rights. This is the difference between Windows XP and Mac OS X. MS has finally implemented this properly with Vista and this alone is what makes Vista secure.


RE: I'M ON A MAC
By The Boston Dangler on 1/19/2007 8:18:17 PM , Rating: 2
http://www.macvirus.org/

05.25.06 MacVirus.org News posted by YeeFam
New Malware - Mac OS X
New Malware discovered. Not dangerous if you do not click on executable. Also, you must acknowledge yes or ok to let it infect your computer.


Hmmmmmm, where have I heard that before? Your day will come, sooner than you think. MMUUUAAAAHHHAAAHHAA


No threat
By Suomynona on 1/19/2007 1:10:39 PM , Rating: 3
Just use Mail.app to read your email. Case closed.




RE: No threat
By Pirks on 1/19/2007 2:23:05 PM , Rating: 2
I wonder how many Mac zealots got infected if a Mac specific e-mail trojan were released. They are so entrenched in their religion of uberinvulnerable MAC OS X (ohh ahh it's a U.N.I.X. I gonna cum now ohh ohh das ist fantastisch...) that they'd blindly open ANYTHING they get in their beloved Mail.app believeng that the Holy Trinity of Apple, Steveie and B.S.D. U.N.I.X. will protect them from The Evil Windoze Virii And Malware :) It's a MAC! Right? Right??! :)))

sorry guys who are normal literate/educated Mac users, it's not about you, I'm just teasin' some Mac woodheads here, you know who you are! :P


RE: No threat
By AxemanFU on 1/19/2007 2:59:57 PM , Rating: 2
It's much simpler than that: There isn't enough profit from writing Mac viruses to make Mac Zombies to justify anyone's time to do it.


RE: No threat
By Pirks on 1/19/07, Rating: -1
RE: No threat
By Pirks on 1/19/07, Rating: 0
RE: No threat
By Spivonious on 1/19/2007 4:34:56 PM , Rating: 2
Greatest...post...ever!


RE: No threat
By TomZ on 1/19/2007 6:07:01 PM , Rating: 2
Oh, yes - the immediate downmod effect if you mention Apple in a negative way. LOL.


RE: No threat
By Pirks on 1/19/2007 6:31:13 PM , Rating: 2
yeah, I just invented Mac-zealot-o-meter here - I post it and see the reaction. see that red bar above my post? red means Mac zealotry level is RED DANGEROUS :))


RE: No threat
By jtesoro on 1/19/2007 11:54:24 PM , Rating: 2
While I think pro-Mac people are more zealous (to use Pirks' word) about their brand than others are, his posts probably got modded down because of the same zealotry it shows against it. Get extreme with your posts, and it will attract extreme reactions also, in the form of wild posts or mod-downs.

Look, you're probably as pro-Microsoft as lots of other people here are pro-Mac. But you post in a reasonable way, and thus get more reasonable responses.


Hmm
By zsouthboy on 1/19/2007 11:02:17 AM , Rating: 3
Who is using a freakin mail application that DOESN'T block .exe's anymore?

No, seriously! I know Outlook does, I'm pretty sure Thunderbird does...

How do people STILL manage to run these damn things?

I complain, because it's a pain in the ass if I code something up at work and want to shoot the exe to my home email address, or vice versa.




RE: Hmm
By cocoman on 1/19/2007 11:16:51 AM , Rating: 2
Most people that do not use emailing for business, use webpages to access their emails. This way you can open the .exe without any problems.


RE: Hmm
By kextyn on 1/19/2007 12:20:29 PM , Rating: 2
I thought most popular web based email services do virus scans and whatnot on attachments. I know Yahoo does.


RE: Hmm
By uberfu on 1/19/2007 12:37:34 PM , Rating: 1
that's easy to fix - there is usually a function in most email Apps called Filters_ And you can use these filters [when sya sending yourself an email] to exept mail from yourself or a different one of your accounts to allow attachments to be received_

And you're calling other users stupid ?


RE: Hmm
By othercents on 1/19/07, Rating: 0
RE: Hmm
By Hare on 1/19/2007 2:42:50 PM , Rating: 2
What does POP3 have to do with this? I just don't get it. If I use IMAP or POP3S or IMAPS (secured) it's exactly the same thing. If you execute the file you are infected.

The type of method you use to fetch the mail has nothing to do with the ability of the mail server to scan the viruses. The thing is that most mail hosts use ClamAV which is not that good and has no way to spot viruses that are new.


Argh!
By AxemanFU on 1/19/2007 10:27:35 AM , Rating: 3
Another virus programmer probably working as a gun for hire for organized crime somewhere to build another zombie network..someone that needs a slow painful exit from this world in my view.




RE: Argh!
By therealnickdanger on 1/19/2007 10:38:33 AM , Rating: 4
Or working for Symantec or other AV companies to propogate the need for their overpriced software... Conspiracy!


....i was curious
By ncage on 1/19/2007 12:31:00 PM , Rating: 2
I have an account that i get a crap load of spam on. I checked the account (hotmail) to see if i had any of these attachments and i don't. I don't know if hotmail blocks emails that it finds a virus in or at least removes the attachment.

Ncage




Conspiracy?
By SomeYoungMan on 1/19/2007 12:58:36 PM , Rating: 2
I bet F-Secure is really behind the worm...

Btw, I assume the first word is meant to be "Finnish", not "Finish".




Another Bullsh1t Terror Scam
By Crazyeyeskillah on 1/19/07, Rating: -1
RE: Another Bullsh1t Terror Scam
By Griswold on 1/19/2007 11:18:20 AM , Rating: 2
Its dubbed "storm worm" because this trojan refers to the storm that hit europe yesterday, in some of its e-mails.


RE: Another Bullsh1t Terror Scam
By Spyvie on 1/19/2007 12:22:44 PM , Rating: 2
You mean a "ticker" sorta like this one...

http://www.nationalterroralert.com/homeland-securi...


RE: Another Bullsh1t Terror Scam
By FITCamaro on 1/19/2007 1:18:54 PM , Rating: 2
I love it how liberals will try stretch anything to make it sound like the American government is behind everything.

The naming of this worm had nothing to do with America in general considering a security company in Finland named it. I don't think companies call American news agencies and are like "Psst! Hey! What can we name this thing to scare the crap out of people?"

The only BS here is your post.


RE: Another Bullsh1t Terror Scam
By Griswold on 1/19/2007 1:49:51 PM , Rating: 2
Your post also qualifies as BS since the OP never implied that the US government is behind this.


RE: Another Bullsh1t Terror Scam
By FITCamaro on 1/19/2007 2:33:48 PM , Rating: 2
My interpretation of it was that he was accusing the government of being behind these names in order to scare people.


By Crazyeyeskillah on 1/20/2007 5:33:57 PM , Rating: 2
it was actually drawing on the similarity of scare tactics used to spread fear. . .i thought you 'astute' readers would have caught this simple connection.


"If a man really wants to make a million dollars, the best way would be to start his own religion." -- Scientology founder L. Ron. Hubbard

DailyTech Poll
Which web browser do you use on your primary personal machine? 






44 Comments







botimage
Copyright 2009 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki