Mass-mailed Trojan horse baits people with timely information about a deadly, real-life storm front in Europe.
Over an eight-hour period Thursday, malicious e-mails were sent across the globe to hundreds of thousands of people, said Mikko Hypponen, chief research officer for F-Secure.
People who open the attachment then unknowingly become part of a botnet. A botnet serves as an army of commandeered computers, which are later used by attackers without their owners' knowledge.
Storm worm carries the subject line "230 dead as storm batters Europe," Hypponen said, noting the unusual twist to the e-mail.
"The e-mail was started 15 hours ago, when the storm was peaking in Central Europe," Hypponen said. "This is unusual in that it was very timely."
Storm worm is a Trojan horse with an executable file as an attachment. Cybercriminals took advantage of social engineering, using the news of the European storm to get people to open the attached malicious file, which promises more news on the weather emergency. The recipient must open the file for it to execute.
The file creates a back door to a computer that can be exploited later to steal data or to use the computer to post spam.
Storm worm is already close to being as large as the bigger attacks of 2006, Hypponen said, though it's still smaller than Sasser and Slammer.
Hypponen also noted that this Trojan horse is unusual because most attacks these days tend to be smaller and targeted, as criminals seek to pilfer personal information for financial gain, rather than fame.
Though Storm worm is widespread, the damage may ultimately be minimal in the U.S. because most tech security companies will have already added it to their blocking list before people get into work, he added.
Other e-mail subject lines for it include "U.S. Secretary of State Condoleezza..." and "A killer at 11, he's free at 21 and..."
According to the Associated Press, the European storm has killed at least 41 people.