A massive virus outbreak, the largest in the last 12 months, has quickly driven global virus levels to 60 times higher than their daily average, according to security company Postini.

Postini says that the reported increase was based on its review of more than 2 billion emails per day.

According to warning notices from Postini, as well as VeriSign, which has also been following the threat, Storm Worm is installed by clicking on an email executable attachment file that installs a rootkit with anti-security measures that attempt to mask the malicious software’s presence from virus scans and shut down security programs that may be running.

John McDonald, head of antivirus firm Symantec’s Asia-Pacific security response unit, says the virus hides behind a password because this stops it being scanned by antivirus software. 

Once installed, Storm Worm takes control of the machine by adding the infected PC to a “bot army” of compromised computers that are connected to a custom peer-to-pear network where it can download new updates, upload personal information from the compromised computer, and scan e-mail addresses to send out spam to further the attacks.

The current Storm Worm spree began around 3 AM PDT on Thursday. Initially, the messages contained subject lines including the word “love”, urging the users to click on a file attachment, which would install the virus. But soon, the subject lines began to mutate, giving users the impression that an e-mail was being sent by a technical support group helping them to avoid a virus.

The names and size of the virus file also mutate as e-mails are passed from person to person.

To the user of an infected PC “it appears as if nothing has happened,” according to Adam Swidler, senior manager of solutions marketing at Postini.

The virus can be detected by up-to-date antivirus software. Its spread can be control by most Internet providers using up-to-date virus filters, which should stop it before it reaches inboxes.

However, the best solution to avoid serious trouble, said Swidler, is to delete any e-mails with subject lines that refer to the worms or the word love.

“Definitely don’t click the attachments,” he added.

Related:

Entry was posted on Friday, April 13th, 2007 at 11:17 pm under Security, Spam, Technology.

Read more entries by Ruben Francia.
Stumble It!