Dec 26th

UPDATE: Storm Worm outbreak

Posted by: Marco Giuliani


Hello from Prevx Research Lab,

Yesterday was quite an interesting and busy day. I already updated you about the Storm worm outbreak. Until early yesterday we had monitored more than 700 variants of the Storm worm, repacked every few minutes from the server using a polymorphic-like technique to evade antivirus software.

Now the team behind the Storm worm has shown its real goal: the oncoming new year. Since yesterday afternoon the worm has been spreading under the name happy2008.exe.

We've seen two different variants of it, both different in code from the first version that was spreading during the last two days. The first one was online for about 10 hours and we saw 166 different repacked versions of it, using the same polymorphic technique we've seen over the last two days.

Since tonight we've been monitoring a new variant. A screenshot of Prevx CSI detecting the Stormy rootkit is shown below:

[Image: CSI detecting Storm rootkit]

We updated Prevx to successfully detect these threats. If you want, you can check your PC for free with Prevx CSI.

We'll continue to monitor the situation; however, it's more than likely that these attacks will persist for a few more days to come.

Signing off,

Marco
