• On TV.com: THE GIRLS NEXT DOOR photos

January 19, 2007 8:15 AM PST

'Storm worm' rages across the globe

By Dawn Kawamoto
Staff Writer, CNET News
Last modified: January 19, 2007 10:00 AM PST

  • Print
Related Stories

Security tools ready for Vista launch

 January 17, 2007

Attack code out for 'critical' Windows flaw

 January 16, 2007

Mac flaw puts Safari surfers at risk

 January 11, 2007

Symantec wants to lend a hand with Vista security

 January 10, 2007

What threats does Skype face?

 January 2, 2007

Year in review: Zero-day mania

 December 28, 2006

Watch out for worm wars

 August 17, 2005

Hacking for dollars

 July 6, 2005

Damage control

 February 6, 2003
"Storm worm," one of the larger Trojan horse attacks in recent years, is baiting people with timely information about a deadly, real-life storm front, security researchers said Friday.

Over an eight-hour period Thursday, malicious e-mails were sent across the globe to hundreds of thousands of people, said Mikko Hypponen, chief research officer for F-Secure.

People who open the attachment then unknowingly become part of a botnet. A botnet serves as an army of commandeered computers, which are later used by attackers without their owners' knowledge.

Storm worm carries the subject line "230 dead as storm batters Europe," Hypponen said, noting the unusual twist to the e-mail.

"The e-mail was started 15 hours ago, when the storm was peaking in Central Europe," Hypponen said. "This is unusual in that it was very timely."

Storm worm is a Trojan horse with an executable file as an attachment. Cybercriminals took advantage of social engineering, using the news of the European storm to get people to open the attached malicious file, which promises more news on the weather emergency. The recipient must open the file for it to execute.

The file creates a back door to a computer that can be exploited later to steal data or to use the computer to post spam.

Storm worm is already close to being as large as the bigger attacks of 2006, Hypponen said, though it's still smaller than Sasser and Slammer.

Hypponen also noted that this Trojan horse is unusual because most attacks these days tend to be smaller and targeted, as criminals seek to pilfer personal information for financial gain, rather than fame.

Though Storm worm is widespread, the damage may ultimately be minimal in the U.S. because most tech security companies will have already added it to their blocking list before people get into work, he added.

Other e-mail subject lines for it include "U.S. Secretary of State Condoleezza..." and "A killer at 11, he's free at 21 and..."

According to the Associated Press, the European storm has killed at least 41 people.

See more CNET content tagged:
worm, storm, globe, trojan horse, attack

Add a Comment (Log in or register) 33 comments
And of course....
by J_Satch January 19, 2007 5:30 AM PST
...countless thousands of idiots gladly open the email and attachment.
Reply to this comment
Once again, the Macintosh from Apple proves to be the safer choice.
by CentrOS January 19, 2007 9:00 AM PST
Once again, the Macintosh from Apple proves to be the safer
choice.
Reply to this comment
Macs are still too big of a target
by webdev511 January 19, 2007 10:32 AM PST
if you want to be REALLY safe you need an IRIX box. And to top it off, O2's were cute 10 years ago.
Yeah Yeah
by Gasaraki January 19, 2007 12:52 PM PST
Every article about any type of virus or security, we get people that come on and claim that OSX is the most secure OS ever in the history of man. Thanks for the info
View reply
Actually, the safest choice is the Timex 360
by scottnet91 January 22, 2007 7:01 AM PST
I have not heard of any viruses for the Timex 360 and not one virus has hit this platform in at least a decade....

Mac folks should be happy that most attackers still hate the other guy so much they do not spend much time looking at their platform. Have the common sense to know when not to tease. All platforms have weakness. You really do not want to be proven wrong.
lol
by sal-magnone January 19, 2007 9:55 AM PST
Yet another virus that I probably won't get. The last virus I got was a DOS virus in the late 80s.

It's hardly just the OS. The OS matters but not as much as people. Put MAC and LINUX boxes on the desktop, in the hands of similar users and desktop support groups and you'll get the same results.
Reply to this comment
Um,,,, no
by ddesy January 19, 2007 12:59 PM PST
You won't get similar results until there are as many (any, in the case of OS X) viruses for these platforms.
View reply
Not about bragging rights
by RoutinelyCalled January 19, 2007 10:35 AM PST
All this talk about writing a Mac virus and getting bragging rights ignores the main reason for viruses and worms these days...money! In the old days it was about who could write the coolest, fastest, most-targeted. Now it's about creating spam-bot networks to sell to as a service to spammers.

Read the article and it's obvious. How could a worm get sent to hurdreds of thousands of people (the intent) if it targeted an OS used by 10% of users. It ain't about props any more, it's about cash!
Reply to this comment
Since "it 's about cash!"
by rcrusoe January 19, 2007 12:14 PM PST
If as you say, and I agree, the main reason to spread viruses these days is "about cash", why aren't these virus writers targeting Macs?

"Those who surf the Web using a Mac tend to be better educated and make more money than their PC-using counterparts, according to a report from Nielsen/NetRatings."

http://news.com.com/2100-1040-943519.html
View reply
Wrong!
by ddesy January 19, 2007 1:00 PM PST
For some it's about money. There are still plenty of people who do it for the attention!
View reply
Macs weather the storm..!!
by imacpwr January 20, 2007 4:20 AM PST
:-)
Switching to a Mac last year was the smartest move I ever made..!!
Reply to this comment
Don't you wish
by Macsaresafer January 20, 2007 4:32 PM PST
that you had done it sooner?
please
by Sil3nt71 January 20, 2007 7:38 PM PST
spare us the apple dribble.

every thread. every god damn time. you have a mac, get over it. so do i, but i seem to have something that's rare amongst mac users.

it's called modesty, with a dash of manners.
View reply
Cnet is afraid
by clsgis January 21, 2007 9:42 AM PST
Once again, a story about an email worm which only affects one vendor's system fails to mention that vendor. Doesn't even mention the fact that it only hits one vendor's OS.

Don't you think that was a relevant detail? Why do you think it was left out?

The night after the Melissa worm hit, Ted Koppel had a real expert on his show, who explained in language anyone could understand exactly why the worm got so far so fast. It was a career-limiting move for Koppel. _Nightline_ doesn't do malware stories any more.

I worked on the biggest selling 10BASE-T card in the industry's history. We were the first with Linux support, and the default NIC in Linux kernels for years. Before I left, I asked our CEO why we never mentioned "works with Linux" on the retail box. He said he couldn't risk getting the 800 pound gorilla angry. The gorilla is irritable. Everybody in that business is afraid, and that includes the pundits and publishers.

http://notwindoze.blogspot.com
Reply to this comment
LOL
by sea_net January 22, 2007 6:48 AM PST
REALLY GOOD HEADLINE

NO CIGAR
Reply to this comment
Letter to the writer of this article...
by lkrupp January 22, 2007 4:23 PM PST
"Ms. Kawamoto,

Do you have a legitimate reason for not providing information
about the operating system this worm uses to propagate itself?
Are we to assume this worm affects ALL operating systems and
users or just one. On the surface it seems to you are deliberately
obfuscating the problem and don't want people to know what
system is affected. Is it C|net policy to protect the identity of a
certain operating system when it is the cause of a threat?"
Reply to this comment
Internet Common Sense 101
by wbenton January 23, 2007 7:06 AM PST
>>>People who open the attachment then unknowingly become part of a botnet.<<<

Internet Common Sense 101: Don't click on unknown URL links or unknown attachments... ESPECIALLY if they're of the executable type, and ALSO especially if they're from an unknown spoofed source.

If you don't know how to tell the difference, then give up computing or learn how to tell the difference.

Doesn't really matter what OS the worm is after!!!

Internet Common Sense 101 is Internet Common Sense 101.

Adhere to it or get infected!!!

Walt
Reply to this comment
What platform?
by rbannon May 5, 2008 8:11 PM PDT
Linux, UNIX, Mac OS X, or Windows?
Reply to this comment
Virus writers are not stupid
by RTFM January 19, 2007 6:06 AM PST
They would have to be morons NOT to write code that would affect 90% of computers. You would BE a moron if you think OSX does not have holes. They just are ignored for the most part.
View all 3 replies
Any.
by Fil0403 January 27, 2007 6:19 PM PST
But remember Macs don't get viruses, so you're 100% safe, this is just a trojan.
 See all 33 Comments >>
advertisement
Click Here

Latest tech news headlines

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.

More feeds available in our RSS feed index.

Markets

Market news, charts, SEC filings, and more

Related quotes

Dow Jones Industrials (6.54%) 494.13 8,046.42
S&P 500 (6.32%) 47.59 800.03
NASDAQ (5.18%) 68.23 1,384.35
CNET TECH (5.95%) 56.25 1,002.00
  Symbol Lookup
advertisement

Inside CNET News

Scroll Left Scroll Right
News
Latest news
Business tech
Green tech
Wireless
Security
Media
Popular topics
Apple iPhone
Apple iPod
CES
Cell phones
Dell
GPS
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
Corrections
Customer Help Center
RSS
What's new
About CNET