There has been a huge new worm outbreak, with email virus volume spiking at many times normal levels, according to security service provider Postini.
The worm is an executable carried on a spam email bearing, ironically, a virus warning. Subject lines include “Worm Alert!” or “Worm Warning”, according to the SANS Institute’s Internet Storm Center.
The worm is believed to be a variant of the Storm Worm that has been causing problems since January. The payload, like most payloads nowadays, is a full root compromise package that turns ownership of the victim PC over to the attacker when executed.
Postini, which sees about two billion emails pass through its systems every day, saw 7.7 million viruses yesterday, 7 million of which were the new worm, which the company called new malware.br.
For comparison, Postini sees about 1 million viruses a day normally. At one point yesterday, the company was reporting that virus levels were 60 times higher than the usual daily average.
As a worm, it’s self-replicating. It can find email addresses on computers it infects, and forward itself to those addresses. An old tactic, maybe, but clearly one that still works.
It also detects and turns off any antivirus software it finds on victim PCs.
Victims become part of a peer-to-peer botnet, which is used as a channel for delivering more malware to their machines and for personal data to be sent to the attacker.
For enterprises, the problem of malware executables arriving as email attachments should have been licked many years ago. It’s not difficult to block executables at the email gateway, even without antivirus software, and there are few legitimate reasons for most users to be sending or receiving executables anyway.
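As an illustration of the gateway check described above, the following added example (not from Postini, SANS or any gateway product) flags attachments by extension and by leading file-format bytes, with no antivirus signatures involved. The extension blocklist, the function names and the sample message are assumptions constructed for the demonstration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed blocklist of extensions; tune for your own gateway policy.
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".vbs", ".js"}
# Leading bytes of common executable formats (DOS/PE "MZ", ELF).
MAGIC = {b"MZ": "PE/DOS header", b"\x7fELF": "ELF header"}

def executable_attachments(raw: bytes):
    """Return [(filename, reason)] for each part the gateway should block."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        # Check the last extension, ignoring case and trailing dots/spaces.
        clean = name.lower().rstrip(". ")
        ext = clean[clean.rfind("."):] if "." in clean else ""
        if ext in BLOCKED_EXT:
            hits.append((name, "blocked extension " + ext))
            continue
        # Content check catches executables renamed to a harmless extension.
        for magic, label in MAGIC.items():
            if data.startswith(magic):
                hits.append((name, label))
                break
    return hits

def sample_message() -> bytes:
    """Constructed test message: one note, one .exe, one renamed executable."""
    m = EmailMessage()
    m["Subject"] = "Worm Alert!"
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m.set_content("Please run the attached patch.")
    pe_stub = b"MZ" + b"\x00" * 62  # constructed bytes, not a real binary
    octet = dict(maintype="application", subtype="octet-stream")
    m.add_attachment(pe_stub, filename="patch.exe", **octet)
    m.add_attachment(pe_stub, filename="notes.txt", **octet)
    m.add_attachment("plain text", filename="readme.txt")
    return m.as_bytes()

if __name__ == "__main__":
    for name, reason in executable_attachments(sample_message()):
        print(f"BLOCK {name}: {reason}")
```

The content check matters because an extension filter alone passes an executable that has simply been renamed; archives would need to be unpacked before either check applies.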