Storm Worm Lobotomizes Anti-Virus Software

(((Just in case you've got anti-virus software "running" in that PC and you somehow imagine you're safe.)))

–Storm Worm Evolves, Launches Retaliatory Attack

(October 24 & 25, 2007)

The Storm worm (sometimes called Peacomm) has the capacity to launch targeted counterattacks against the systems of users trying to probe its command-and-control servers. Storm is able to detect the probes and retaliate by launching distributed denial-of-service (DDoS) attacks against the uninvited visitors. Researchers have been wary of publicizing the results of their efforts to understand the worm and stop its harmful behavior.

———> Storm has the capability to interrupt applications, including security applications such as Anti-Virus software, as they are booting up and either shut them down or render them inert so that they appear to be running but are in fact doing nothing.
http://www.networkworld.com/news/2007/102407-storm-worm-security.html
http://www.theregister.co.uk/2007/10/25/storm_worm_backlash/print.html
http://www.enews20.com/news_The_Storm_Worms_Striking_Back_03307.html

[Editor's Note (Ullrich): The Storm worm goes out of its way to fight malware researchers. It has always used multiple anti-reverse engineering techniques. This retaliatory behavior was first seen a few months ago as malware researchers who downloaded the trojan multiple times started to be the target of these likely automated attacks. One attack works as follows: Whenever you port scan a Storm-infected node, or if you download the malware several times, a subset of the Storm network will launch a denial of service attack against you. Typically it is an ICMP flood that can last a day or so.]