What is Storm Worm?

Storm Worm, also known as DoS.Storm.Worm or Win32.Storm.Worm, is a worm type virus that spreads via e-mail, using a variety of subject lines and text messages relating to news events or other current events. This worm virus tries to seek out Microsoft Internet Information Services (IIS) systems that do not have the proper security patches.

The Storm Worm began infecting mostly private computers in Europe and U.S. in 2007. In that year this worm virus accounted for 8% of malware infections globally. The virus spread through e-mails as an attachment. When an attachment is opened, the malware installs the wincom32 service, and injects a payload, passing on e-mail to destinations encoded within the malware itself. According to some antivirus company reports, it may also download and run the Trojan.Abwiz.F trojan, and the W32.Mixor.Q@mm worm. The Trojan disguises on the spam with names such as "postcard.exe" and "Flash Postcard.exe," with more changes from the original attack as it mutates. Some of the known names for the attachments include:

• Postcard.exe

• ecard.exe

• FullVideo.exe

• Full Story.exe

• Video.exe

• Read More.exe

• FullClip.exe

• GreetingPostcard.exe

• MoreHere.exe

• FlashPostcard.exe

• GreetingCard.exe

• ClickHere.exe

• ReadMore.exe

• FlashPostcard.exe

• FullNews.exe

• NflStatTracker.exe

• ArcadeWorld.exe

• ArcadeWorldGame.exe

• with_love.exe

• withlove.exe

• love.exe

• frommetoyou.exe

• iheartyou.exe

• fck2008.exe

• fck2009.exe