Storm Worm still evolving - Symantec

Malware sheds its skin...

By Tom Espiner, 5 November 2007 08:38

NEWS

The Storm Worm has evolved again, researchers from Symantec claim.

To streamline the worm and make it more stable, the malware authors have shed key functionalities in the malicious code, according to the researchers.

The worm no longer infects other legitimate drivers on the system, instead relying on its own proprietary components to "do its dirty work". It also no longer injects itself into processes such as Explorer.exe, according to a blog post by Symantec security researcher Thomas Parsons.

He wrote: "The sustained development of the Storm worm (incorporating review cycles) indicates that we will continue to see solid infection rates going forward. So, unlike the natural phenomenon, this storm continues to huff and puff and it doesn't look like it is petering out anytime soon."

The Storm botnet was initially created at the beginning of 2007, when the Storm worm was sent out via spam, hiding in email attachments with a subject line of "230 dead as storm batters Europe".

Tom Espiner writes for ZDNet UK

Post your comment

In order to post a comment you need to be registered and logged in.

Log in or create your silicon.com account below

Will not be displayed with your comment

By signing up for this service, you indicate that you agree to our Terms and Conditions and have read and understood our Privacy Policy.

Questions about membership? Find the answers in the Membership FAQ