Storm worm variant ignites e-mail virus deluge

Postini said that two variations of the Storm worm virus, which originally spread across the Internet in January, have quickly driven global virus levels 60 times higher than their daily average. E-mail users should be on alert for messages with "love"-related subject lines and an executable attachment that would contain a Trojan virus, as well as messages with "Worm Alert!" subject lines that contained a .zip file full of malicious code.

Postini, which is based in San Carlos, Calif., says it processes more than 2 billion messages per day in order to compile its reports.

According to warning notices from Postini as well as VeriSign, which also has been following the threat, clicking on the executable file in one of the new Storm worm e-mails installs a rootkit with anti-security measures that mask the malicious software's presence from virus scans and shut down security programs that may be running. The virus then taps into a private peer-to-peer network where it can download new updates and upload personal information from the compromised computer. Additionally, the virus scans the machine's hard drive to locate e-mail addresses to which it can replicate itself.

Ultimately, computers infected with this virus become unknowing "zombies" in a botnet that are used to send out spam and further the attacks. "It is highly likely that this latest attack will result in many more downloads, pump-and-dump attacks, and more as seen with former Storm worm attacks to date," Ken Dunham, director of VeriSign's Rapid Response Team, said in a statement Thursday.

The recent Storm worm proliferation, coupled with a similar attack earlier this week that involved e-mails with "missile attacks" in the subject line, have made this the most active week for e-mail virus attacks in at least a year, according to Postini.