#79 [24.01.2007]

Are You Protected from Storm Worm?

By Nowshade Kabir


A new Trojan named "Storm Worm" has started to take the Internet by storm! This Trojan is responsible for over 17 percent of all emails generated in the last couple of days and managed to infect over 1.6 million computers in the first four days alone. Symantec Corporation claims that this is the biggest outbreak of a virus since Sober.O came out in May of 2005.

The virus emerged on Thursday, January 18, when northern Europe was hammered by hurricane-force winds and heavy precipitation, killing 27 people and disrupting travel for tens of thousands. The storms were among the worst in years, and naturally people were eager to know what was happening. Preying on people's curiosity and using the tabloid-like headline "230 dead as storm batters Europe", criminals dispatched hundreds of thousands of virus-infected emails to unsuspecting users. The goal was to lure users into opening the emails and downloading the attached files.

Over the weekend there were six subsequent waves of the attack, with each email attempting to lure users into downloading an executable by promising a topical news story. The subject line of the emails carried one of the following headlines:

  • A killer at 11, he's free at 21 and kill again!
  • U.S. Secretary of State Condoleezza Rice has kicked German Chancellor Angela Merkel
  • British Muslims Genocide
  • Naked teens attack home director
  • 230 dead as storm batters Europe
  • Re: Your text
  • Radical Muslim drinking enemies's blood
  • Chinese missile shot down Russian satellite
  • Chinese missile shot down Russian aircraft
  • Chinese missile shot down USA satellite
  • Saddam Hussein alive!
  • Venezuelan leader: "Let's the War beginning"
  • Fidel Castro dead

Some of the e-mail messages have also been changed to prey on the romantic types. Recent versions of these Trojan e-mails have contained subject lines such as "A Bouquet of Love", "A Day in Bed Coupon", or "A Monkey Rose for You".

The respective attachments with the Trojan horse malware have names like:

  • FullVideo.exe
  • Full Story.exe
  • Video.exe
  • Read More.exe
  • FullClip.exe
  • GreetingPostcard.exe
  • MoreHere.exe
  • FlashPostcard.exe
  • GreetingCard.exe
  • ClickHere.exe
  • ReadMore.exe
  • FullNews.exe

The "Storm Worm" exists in a very large number of variants, each with small modifications, which were released from numerous places at the same time and in a particular sequence. By distributing so many variants simultaneously, the virus distributors try to undermine signature-based anti-virus engines, so that AV programs fail to protect the computers. This is creating a real problem for anti-malware vendors. Even the latest update of an antivirus program does not guarantee full protection from the increasing number of new variants of this malware.

Each of the antivirus vendors calls this Trojan by a different name. Symantec calls it "Trojan.Peacomm", McAfee calls it "Downloader-BAI.gen" and ESET calls it "Win32/Fuclip.A Trojan".

How it works

Once a user downloads the executable file attached to the infected email, the program installs two .ini files, peers.ini and wincom32.ini, and a system file called wincom32.sys. This is the Trojan, and it creates a backdoor, a security hole, in the computer. The backdoor allows hackers to bypass security authentication, get remote access to the system and install a rootkit. A rootkit is a set of programs used to hack into a system and gain administrative-level access. Once a rootkit has gained access, it can be used to monitor traffic and keystrokes; create a backdoor into the system for the hacker to use; alter log files; attack other machines on the network; and modify existing system tools to avoid detection. Rootkits are an extreme form of System Modification Software.

After getting installed, the Trojan horse seeks out five downloadable files from other computers: TROJ_AGENT.JVH, TROJ_AGENT.JVI, TROJ_AGENT.JVJ, TROJ_DORF.AA, and WORM_NUWAR.CQ. When the rootkit is installed, the compromised machine becomes a zombie in a network called a botnet. "Botnet" is jargon for a collection of software robots that run autonomously. A botnet's originator can control the group remotely, usually through a means such as IRC, and use it for malicious purposes. Most botnets used for malicious purposes are currently controlled through a central server. This server is relatively easy to deactivate once found, which in turn eliminates the botnet. However, this particular Trojan embeds a new type of botnet that has no single centralized server and works more like a peer-to-peer network. Another distinctive feature of this virus is its ability to infect Windows Vista.

What is next?

Over the coming days there will be more attacks. Apparently, the malware distributors are using the botnets to spread spam that is designed to jack up "pump and dump" penny stocks and to promote various adware.

How to safeguard your computer?

If you take the following steps, your computer will be virtually safe from any similar virus attacks:

  • If you have not updated your Windows system with the latest Microsoft patches, do it now
  • Get an antivirus program and install it on your computer
  • Regularly update your antivirus program
  • Get a firewall such as ZoneAlarm or enable Windows XP's built-in firewall
  • Make sure that your email filter blocks all executable mail attachments
  • Scan your computer for viruses regularly
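
The attachment-blocking step above can be checked mechanically. The following is an added example, not part of the original newsletter: a Python filter that parses a raw message and flags attachments that are executable either by file extension or by the "MZ" header that Windows executables start with. The extension list, function names and sample messages are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions Windows runs directly (assumed blocklist subset; extend as needed).
BLOCKED_EXT = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd"}


def executable_attachments(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every message part that should be blocked."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = (part.get_filename() or "").strip()
        payload = part.get_payload(decode=True) or b""
        # Use the final extension so "Video.txt.exe" is still caught.
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        if ext in BLOCKED_EXT:
            hits.append((name, "blocked extension"))
        elif payload[:2] == b"MZ":
            # DOS/PE executables begin with "MZ" even when renamed.
            hits.append((name or "<unnamed>", "MZ header"))
    return hits


def build_sample(filename: str, data: bytes, subject: str) -> bytes:
    """Build a constructed test message with one harmless attachment."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = subject
    m.set_content("Read the full story in the attachment.")
    m.add_attachment(data, maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()


if __name__ == "__main__":
    samples = [  # constructed samples; the payload bytes are not real programs
        build_sample("Full Story.exe", b"MZ\x90\x00 placeholder", "230 dead as storm batters Europe"),
        build_sample("postcard.jpg", b"MZ\x90\x00 renamed", "A Bouquet of Love"),
        build_sample("minutes.txt", b"Meeting at 10.", "Re: Your text"),
    ]
    for raw in samples:
        print(executable_attachments(raw))
```

The header check matters because an extension-only filter passes an executable that has been renamed; a mail gateway would quarantine any message for which the function returns a non-empty list.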

What to do if you got infected anyway?

If you got infected anyway, do the following:

  • If you are using Windows Me or XP, first disable System Restore
  • Update your antivirus program
  • Run a complete system check-up
  • Clean up the registry keys by navigating to
  • Delete the two .ini files mentioned earlier

Don't become a victim! Take necessary precautions before culprits get hold of your computer.

About the author
Nowshade Kabir is the founder, primary developer and present CEO of A Ph. D. in Information Technology, he has wide experience in Business Consulting, International Trade and Web Marketing. Rusbiz is a Global B2B Emarketplace with solutions to start and run online business.