WORMS, ACTIVE EXPLOITS, VULNERABILITIES & PATCHES
–Storm Worm Continues to Morph
(December 25 & 26, 2007)
Continuing its path of evolution and adaptability, the Storm worm is now spreading in the guise of holiday-related messages. Storm has been spreading for nearly a year. At first, Storm's method was to release numerous variants almost simultaneously so as to hinder efforts of anti-virus companies to detect every one. It then progressed to using spam networks to seek out vulnerable machines, and more recently developed a method of striking back at analysts trying to find sources of infection. A variant with a rootkit designed to cloak the malicious code has also been detected.
http://www.securityfocus.com/brief/649
http://www.heise-security.co.uk/news/101056
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9054358&source=rss_topic17
http://www.theregister.co.uk/2007/12/27/storm_worm_seasonal_attacks/print.html
[Editor's Note (Skoudis): Storm gets a rootkit... it was inevitable.
Storm represents a massive distributed computing platform from which bad guys harvest money. They reinvest some of that profit in making it even more sinister.
(Liston): This is something that we've been predicting for some time now. Malware is now a business, and the Storm worm's creator has developed a business plan for using his little creation to earn a living. Like any successful business plan, adaptability to market pressures is a primary goal. We will continue to see an increasing number of highly adaptive malware strains in the future.]