New versions of the Storm Trojan attack have surfaced. They use different servers, and the infected file names have also changed.
The SANS Institute's ISC and Prevx have identified a new infected download as “happynewyear.exe,” which has replaced “happy2008.exe”.
Storm attempts to cloak itself using a rootkit, which enables it to hide from anti-virus programs. It has no visible running processes.
Marco Giuliani of Prevx and Russ McRee, an independent security researcher, have posted their analyses online.
Since the newest Storm attacks began, the code has been repacked hundreds of times, enabling the malware to bypass signature-based anti-virus software. More than 400 variants are currently in circulation.