Storm Worm Bots Activated

Filed in archive Spam News on November 15, 2007

If you got a pop up ad today proclaiming "Hemisphere Finds Gold!" your system is most likely infected with the Storm worm. This nasty bug is estimated to be infecting over 200,000 PC's across the country, and according to the Washington Posts's Security Fix column, removing it is a nightmare in itself:

Detecting and removing a Storm infestation can be exceedingly difficult, as it is programed to regularly mutate its digital make-up. Part of Storm's sneakiness stems from the fact that it ships with what's known as a "rootkit," a set of computer instructions designed to hide the malicious files and system processes that carry out most of the worm's activities. It does this essentially by inserting those components into legitimate Windows processes and drivers - such as "tcpip.sys," the driver that handles core Internet networking functions on Windows systems.

"By injecting itself into regular Windows processes and hijacking Windows drivers, Storm doesn't give you much to grab onto there," said Joe Stewart, a senior security researcher at SecureWorks. "Most people are going to have to depend on their anti-virus vendor to eventually get updated to detect whichever Storm variant is on their machine, or pay an expert to find it on their machine and remove it."

By the way, anyone who actually fell for the spam and invested will be in for a shock. Hemisphere Gold's stock fell .15 today, from $1.15 to $1.00 a share. Then again anyone that takes the advice of spammers when investing in the stock market shouldn't expect any different!