New Storm Trojan attacks

January 1, 2008

New versions of the Storm Trojan attack have surfaced. They use different servers, and the infected file names have also changed.

The SANS Institute’s Internet Storm Center (ISC) and Prevx have identified a new infected download, “happynewyear.exe,” which has replaced “happy2008.exe”.

Storm attempts to cloak itself using a rootkit, which enables it to hide from anti-virus programs. It has no visible running processes.

Marco Giuliani of Prevx and Russ McRee, an independent security researcher, have posted their analyses online.

According to Giuliani, at least some security software is able to detect Storm because the rootkit is relatively old. Security companies are updating their software, but the fake domains remained active.

Since the newest Storm attacks began, the code has been repacked hundreds of times, enabling the malware to bypass signature-based anti-virus software. More than 400 variants are currently in circulation.

