
The Storm Worm

Thursday, January 25th, 2007 by | Filed Under: Security Help


News Alert: 230 Dead As Storm Batters Europe

Or, at least, that’s what one of the latest subject lines says for a new worm that, according to F-Secure, is battering the shores of the Internet. I have received mixed reports on the widespread damage that this is actually causing, but it is a threat nonetheless and it’s my job to keep you all informed.

The Storm Worm, Small.DAM and W32/Nuwar worm are using current news topics as the “hook” in e-mail subject lines to lure unsuspecting users into opening the .exe payload attachments. Subject lines, such as one of the following, have all been used:

  • “A Killer at 11”
  • “He’s free at 21”
  • “British Muslims Genocide”
  • “Naked Teens Attack Home Director”
  • “U.S. Secretary of State Condoleezza Rice Has Kicked German Chancellor Angela Merkel”
  • “Castro is Dead”

Attached to these enticing e-mails are executable files with titles that seem to further the facade with promises, such as a “Live Video,” “Full Clip” or “Full Story.” You get the point and hopefully, you know these attachments are the viruses. The virus opens a back door, allowing remote access to your system for unwanted and unknown uses.

The worm also installs a rootkit, which, if you’re not familiar with the term, is a type of malicious software that installs into the kernel of the operating system and hides certain files so they can go on working undisturbed and unnoticed. The infected machine also becomes a zombie in a botnet, a network of infected PCs that work together for a common purpose. In most botnets, the PCs communicate with one central server, which, if located and dismantled, will render the botnet useless.

In the case of the Storm Worm, the bot network is more peer-to-peer in nature, with no centralized server. This creates new problems in stopping the network once it is discovered, because if some of the machines are disabled, the network can cut its losses and continue with the mission. Another unique characteristic of the Storm Worm’s networking is that each infected PC knows only a subset of the botnet’s IP addresses. In order to cover its trail, an infected PC does not contain a list of all the IP addresses of the PCs in its botnet, but rather a limited number of 30 to 35 or so. This keeps a discovered machine from revealing too much about the other machines and the network in general, so that the rest of the undiscovered network is safe.

In addition to this, the botnet is also a very motivated updater, in some cases receiving more than one update an hour. Geesh! That could be a problem for antivirus companies trying to come up with virus signatures.

Well, so far, this seems like a threat. It’s almost like an uber virus. It has a solution to all of our conventional practices that can stop such a threat. I don’t think this is entirely true though. There is one huge oversight that the creators of the Storm Worm, in my opinion, have failed to notice and this is the reason some security experts are saying the home users, not the corporate world, will see more damage from this viral attack. The reason is simple. It is an executable file attached to an unsolicited e-mail from an unknown source, which means what?

It means, under no circumstance, should it ever be opened. This is the oldest trick in the virus book and you all should know better. In addition to this, most ISPs and Webmail providers are going to scrutinize an executable attachment sent in an e-mail.

This means it always comes back to fundamentals. Don’t open attachments that you don’t expect and you should be safe. If you do, for some reason, download them, scan them before opening them with your installed antivirus program and you should be good to go.
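The kind of attachment check a mail provider can apply is sketched below as an added example; it is not part of the original article and not any provider's actual filter. It flags attachments by extension and by the "MZ" header every Windows executable starts with, so a renamed file is still caught; the extension list, function names and sample messages are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly (constructed, non-exhaustive list).
RISKY_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def risky_attachments(raw_bytes):
    """Return (filename, reason) for each attachment that looks executable."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Only the last extension counts, so "story.txt.exe" is ".exe".
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if payload[:2] == b"MZ":
            # DOS/PE header: executable content whatever the file is called.
            findings.append((name, "PE header"))
        elif ext in RISKY_EXT:
            findings.append((name, "executable extension"))
    return findings


def build_sample(filename, data):
    """Build a constructed test message with one attachment."""
    m = EmailMessage()
    m["From"] = "unknown@example.invalid"
    m["To"] = "user@example.invalid"
    m["Subject"] = "230 Dead As Storm Batters Europe"
    m.set_content("Full story attached.")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


FAKE_PE = b"MZ\x90\x00" + b"\x00" * 16  # constructed stub, not a real program

if __name__ == "__main__":
    samples = [("Full Story.exe", FAKE_PE), ("Full Clip.jpg", FAKE_PE),
               ("Live Video.scr", b"placeholder"), ("notes.txt", b"hello")]
    for fname, data in samples:
        print(fname, "->", risky_attachments(build_sample(fname, data)))
```
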

If you do see something interesting in the subject line and are intrigued to the point of insanity, open up a Web browser and do a search for the topic and read it outside of your e-mail.

If you do find that you have been infected, the best thing to do at this point is to go to your antivirus vendor’s Web site and look up the threat. You may be able to run an online scanner or follow some other procedure to remove the virus from your system.

That’s all I have for you today. Until next week, stay away from those attachments!

~ Chad Stelnicki
