Computer worm spreads holiday infection
Deborah Gage, Chronicle Staff Writer

Saturday, December 29, 2007

Security researchers are tracking holiday attacks by the Storm Worm, a
particularly insidious piece of computer malware that has been
circulating around the world for about a year.

Earlier this week, the worm - actually a batch of malicious software
code - started generating Christmas-related e-mail spam. On Christmas
Day, it switched tactics and began sending fake e-postcards with a New
Year's message. Both sets of spam offered links that led to infected
Web sites that tried to install malware on victims' computers.

Links to the fake postcards were also found Friday on Google Blogspot
blogs by the Washington Post, which conducted a Google search. Google
did not return calls seeking comment.

Researchers expect the attacks to continue for at least another week
because of the assassination on Thursday of Benazir Bhutto, the former
prime minister of Pakistan.

This "is the type of sensational headline the Storm Worm has exploited
in the past," said David Goldsmith of the SANS Internet Storm Center,
a research institute in Bethesda, Md.

The Storm Worm first surfaced in January in the guise of an e-mail
offering fake news about storms in Europe. Its programmers, who have
been traced to Russia, are skilled at changing the worm's software and
moving it around the Web to avoid being detected by antivirus
programs.

Javier Santoyo, a manager for Symantec, a security company in
Cupertino, said the Russians are professional software programmers who
monitor Symantec's and others' security products to figure out how to
design the worm, which includes several types of code. From midnight
to 3 p.m. on Dec. 24, Symantec detected and blocked 6 million e-mail
messages generated by the worm, he said.

Researchers are warning computer users not to open attachments in
e-mails or click on any links - not in e-mails or in instant messages
or on the Web - from people they don't know. The malware installed by
the Storm Worm is capable of hiding on computers and can log
keystrokes to collect credit card numbers and other sensitive
information, Goldsmith said.

"You have to apply the old, conventional thinking" even to something
new, said Russ McRee, a security researcher in Seattle who tracks the
worm. "Don't click on anything you're not confident in."

Still, malware writers have to work harder to create big
cyber-attacks. The Storm Worm has not spread across the global
Internet, like Code Red and the Slammer worms did in 2003, Santoyo
said. It also requires people to take an action - to open an
attachment or click on a link - before their machines are infected.

http://www.sfgate.com/cgi-bin/articl.../BU0BU66IM.DTL
Reminder: Update your virus/trojan protection ASAP

--
See return address to reply by email
remove the smiley face first