Storm worm makes a comeback

Internet Storm Center has warned about the comeback of the Storm worm. Apparently, the worm is back on the web and is spreading at a very fast pace.

ISC said in a statement that the latest variant is based on the infamous Storm worm which has been troubling the administrators around the world since last year.

This new worm comes in a password-protected ZIP file and the targeted user is supplied with the password in a gif file. This makes it hard for the antivirus tools available at the user’s place to detect the worm.

Allysa Myers of McAfee Avert Labs added in a statement: “The tactic for the e-mail is to make you think you’ve been infected, and that you need to open the ZIP file to run a patch or removal tool to fix your machine.”

Ken Dunham, director of the rapid response team at VeriSign iDefense had more information: “Once executed the worm installs a rootkit on the system (wincom32.sys) and communicates over a private peer-to-peer network to update itself. It is highly likely that this latest attack will result in many more downloads, pump and dump attacks, and more as seen with former Storm Worm attacks to date.”