- Servers
- Desktops
- Laptops
- Tablet PCs
- PDAs
- Smart phones
- Digital cameras
- Camcorders
- Printers & multifunction devices
- Scanners
- Copiers
- Monitors & projectors
- Hard drives & burners
- Peripherals
- Productivity
- Accounting & finance
- Data management
- Graphics & publishing
- Web publishing
- Operating systems
- Security & utilities
- Downloads & trial software
- Handheld software
- Instant messaging
- Cell phones & plans
- Voice over Internet
- Telephones
- Routers & gateways
- Wireless networking
- Network adapters
- Internet access
- Web hosting
- Domain search
- Hotspot Zone
- Desktops
- Laptops
- Servers and storage
- PDAs
- Cell phones
- Monitors & projectors
- Printers
- Networking and wireless
- Security and utility software
- Productivity software
- Access, hosting, and services
- All business buying guides
Rob Vamosi's
award-winning
column on Internet threats and how to counter them
Delivered Mondays
CNET Security Center: Your complete source of antivirus and Internet security information.
Storm worm
Mass e-mailed worm is detected and removed by most antivirus products
By Robert Vamosi (January 19, 2007)
A new computer worm known as storm worm--Download.bai (McAfee) and Peacomm (Symantec)--is taking advantage of a winter storm in Europe and using its downloaded backdoor Trojan to change its message to the rest of the world. The spammed e-mail arrives either with a blank subject line or with one of the following:
Mass e-mailed worm is detected and removed by most antivirus products
By Robert Vamosi (January 19, 2007)
QUICK FACTS
Name: Storm worm, alias Download.bai (McAfee), Dorf (Sophos), Peacomm (Symantec), SMALL(Trend Micro), CME-711, Nuwar (Windows Live OneCare)
Date first reported: 1/19/07
Vulnerable software: NA
What it does: This e-mail worm sends copies of itself to addresses harvested from an infected computer.
Recommendations: Do not open attached files within unsolicited e-mails.
Exploit code available: NA
Vendor patch available: NA
Date first reported: 1/19/07
Vulnerable software: NA
What it does: This e-mail worm sends copies of itself to addresses harvested from an infected computer.
Recommendations: Do not open attached files within unsolicited e-mails.
Exploit code available: NA
Vendor patch available: NA
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
Naked teens attack home director
A killer at 11, he''s free at 21 and kill again!
British Muslims Genocide
230 dead as storm batters Europe.
E-mail contains one of the following attachments:
Read More.exe
Full Clip.exe
Full Story.exe
Video.exe
If the attached file is opened, according to security vendor McAfee, the following occurs:
Two files are added to the system directory:
- %SystemDir%\peers.ini (5,483 bytes)
- %SystemDir%\wincom32.sys (41,728 bytes)
The virus then creates the following within the system registry :
- Hkey_Local_Machine\System\CurrentControlSet\Services\Wincom32\
Imagepath="\??\%SYSTEMDIR%\wincom32.sys"
- Hkey_Local_Machine\System\CurrentControlSet\Services\Wincom32\
displayname="wincom32"
- Hkey_Local_Machine\System\CurrentControlSet\Services\Wincom32\ start="2"
Additional resources
News.com: Snow worm rages across the globe
McAfee: Downloader-BAI
Symantec: Peacomm
