NEWS
The largest proliferation of email virus attacks in more than a year is likely to have occurred last Thursday, according to security company Postini.
Postini said two variations of the Storm Worm virus, which originally spread across the internet in January, have quickly driven global virus levels 60 times higher than their daily average. Email users should be on alert for messages with "love"-related subject lines and an executable attachment that would contain a Trojan virus, as well as messages with "Worm Alert!" subject lines that contained a dot-zip file full of malicious code.
According to warning notices from Postini - as well as VeriSign, which has also been following the threat - clicking on the executable file in one of the new Storm Worm emails installs a rootkit with anti-security measures that mask the malicious software's presence from virus scans and shut down security programs that may be running. The virus then taps into a private peer-to-peer network where it can download new updates and upload personal information from the compromised computer. Additionally, the virus scans the machine's hard drive to locate email addresses to which it can replicate itself.
Ultimately, computers infected with this virus become unknowing "zombies" in a botnet that are used to send out spam and further the attacks. Ken Dunham, director of VeriSign's Rapid Response Team, said in a statement: "It is highly likely that this latest attack will result in many more downloads, pump-and-dump attacks, and more as seen with former Storm Worm attacks to date."
The recent Storm Worm proliferation, coupled with a similar attack earlier last week that involved emails with "missile attacks" in the subject line, have made this the most active week for email virus attacks in at least a year, according to Postini. The company said it processes more than two billion messages per day in order to compile its reports.
Caroline McCarthy writes for CNET News.com
