Storm Trojan changes tack

Stephen Withers
Thursday, 25 January 2007 11:54

Business IT - Security

The Storm (aka Peacomm, Dorf, Small and BAI) attack that previously spread under the guise of reports of deaths in the recent European storms is staying topical by sending out emails that may be mistaken for Valentine's Day greetings.

According to Sophos, subject lines currently being used include "You're so Far Away", "I Dream of you", "Old Together", "Dream Date Coupon", "Together You and I", "A Bouquet of Love", "So in Love", "Cuddle Up", and "Vacation Love". Over 180 variations have been seen.

If the attachment is opened, it sends similar emails to addresses found on the computer and downloads code intended to add the PC to a botnet used for sending spam. Symantec's analysis shows that the latest versions of the malware include a rootkit capable of hiding several files and registry keys, although it fails to conceal the ports it uses and has other bugs that can cause crashes.

An infected machine has been observed sending nearly 1800 stock-pumping messages in five minutes before falling quiet. Symantec reports that this Trojan accounts for over a quarter of all the spam being sent around the world in the last month. The company gives it a 3 on its 5-point severity scale as although the potential for damage is high, it is easily contained.

"People must learn to think before they click. It may be tempting to open an attachment which you think is a greeting card or a message from a loved one, but love can get you into trouble sometimes. The best defense is common sense, combined with up-to-date anti-virus software and email filtering at your gateway," said Graham Cluley, senior technology consultant at Sophos.