ARCHIVED: What is the Storm worm, and how can I protect myself?

The Storm worm is a Trojan horse that opens a backdoor in the computer which then allows it to be remotely controlled, while also installing a rootkit that hides the malicious program. The compromised computer becomes a zombie in a botnet. This particular worm also has the ability to update itself, so that updated infections can be fed into the compromised computer.

The Storm worm first appeared in January 2007 as severe storms swept over Europe. Users received a phony email message purporting to contain vital news updates about the storms. Since then, a variety of subjects have been used to lure users to open the email.

In a recent wave of attacks, the emails purport to notify users that they have received a postcard or electronic greeting card from a friend, family member, or mate. The body of the email message provides a link where the card can be picked up, but really directs the user to a site that installs the malicious software. Once the bot has installed, it can harvest email addresses from that machine and propagate itself.

UITS recommends that you keep your antivirus software as up to date as possible. Also, because malware can be downloaded and installed inadvertently, log in with a limited account for everyday tasks and as a privileged user only when needed. For more information, see About the principle of least privilege