The infamous Storm worm has seen a surge of activity this Halloween, spread by spam promising the "most amazing dancing skeleton", but delivering a trojan which puts the computer under the control of the storm botnet.

Skeletons and zombie computers – it sounds like the ultimate high-tech halloween, but the real culprit is that which terrifies system administrators the most: stupid users.  As described by eweek, the infection relies on users opening a message from an obviously fake address from someone they’ve never heard of before, following a link and running an exe file from an untrusted site.  People that stupid deserve to lose their computers.

Unfortunately that computer can then be used to hurt people who aren’t terminally ignorant, with the computing power of millions of desktops available in the botnet for whatever nefarious purposes the malware coders desire.  (Sorry, I couldn’t resist the chance to use the word ‘nefarious’).

It goes to show that despite the best efforts of professionals to eliminate the threat (as we ">previously reported), those behind the virus have an almost infinite resource of user ignorance to draw on.  And that’s a powerful force indeed.

The Storm worm has been in circulation for almost a year now, and more interestingly has been directed to attack security firms who trying to eradicate it.  This shows a scary level of power for malware – rather than just trying to avoid or circumvent detection, it is now powerful enough to begin engaging the forces arrayed against it.

No need for terror, though – Halloween is over, and unless you personally are a major financial institution or security vendor, your desktop and it’s collection of family photos are unlikely to be a target.  Just follow the simple rules of security: "Don’t open spam, and don’t run exes, jackass."

Related:

Entry was posted on Thursday, November 1st, 2007 at 10:14 am under Antivirus, Crime, Malware, Security.

Read more entries by Luke McKinney.
Stumble It!