The holiday has dragged the Storm worm back out for some more “smashy, smashy”. If you receive an email like the one above, which arrived in our media email this morning, do not click on it. That might seem self-evident to some, but this malware continues to spread for a reason. A couple of the domains being used to spread the malware are happycards2008.com and newyearcards2008.com. This time around, the creators of the Storm worm have added a rootkit in an effort to avoid detection and to distribute the workload.
From Computer World:
Fortunately, said Giuliani, the rootkit is relatively old, and thus detectable by at least some security software. Neither is the move by Storm’s makers to hide its components and operations from anti-virus programs a new thing: the Trojan began using rootkits months ago.
Giuliani also wondered why the domains hosting the Trojan had not been taken down. “If the attack is currently known and security companies are updating their software, why are these fake domains still active?” he asked in a post to the Prevx company blog. “If servers behind [these] sites are constantly changing so that it would be impossible to shut them down, these servers are reached by four well-known domains. Why, after four days, hasn’t anyone successfully taken these domains down?”
That’s an easy one to answer. It’s the holiday season. No one home.
I didn’t say it was a good answer.