Symantec: Storm worm changes tack

The Storm worm has evolved again, researchers from Symantec claim.

To streamline the worm and make it more stable, the malware authors have shed key functionalities in the malicious code, said the researchers.

The worm no longer infects other legitimate drivers on the system, instead relying on its own proprietary components to "do its dirty work". It also no longer injects itself into processes such as Explorer.exe, according to a blog post by Symantec security researcher Thomas Parsons.

"The sustained development of the Storm worm (incorporating review cycles) indicates that we will continue to see solid infection rates going forward," wrote Parsons. "So, unlike the natural phenomenon, this storm continues to huff and puff and it doesn't look like it is petering out anytime soon."

The Storm botnet was initially created at the beginning of 2007, when the Storm worm was sent out via spam, hiding in email attachments with a subject line of "230 dead as storm batters Europe".

Talkback 0 comments

• Network Enginner Firewall Checkpoint
• Network Specialist Routing / Switching and Firewall Management
• IT Trainer (Information Security)
• Application Security
• Senior R&D Engineer (IT Security)

TechGuides

Reviewing scheduled task inventory for Windows Server 2008 R2

Default installations of Windows Server 2008 R2 enumerate a number of default scheduled tasks, many of which you may not need.

Read more »

Latest from Blog Central

Don't CC me, I'll CC you

Read more »

Cutting-edge technology from premium sponsors

Adaptive Threat Management

High Performance Security for your Distributed Enterprise

Achieve lower TCO, agility, risk mitigation, compliance, and productivity

Webcast series: Cybercrime is a growth industry - is your organisation prepared?

More resources to optimize the security of your enterprise »

Brought to you by:

 

 

 

More Tech Showcases:

Juniper Networks