Windows ‘Storm Worm’ rages across globe; Apple Macintosh unaffected

A significant network attack was launched globally in the early hours of Thursday morning (GMT) using news of a European storm as the hook to lure the unsuspecting. The message, which was created and launched literally as the storm raged, is exploiting a timely widescale media event as the key mechanism for delivering its payload.

The Trojan was distributed in messages with subject line of “230 dead as storm batters Europe”. The payload in this case was the Small.DAM Trojan that was downloaded into all vulnerable machines upon opening of the spam mail’s attachment such as “Read More.exe”. Once inside the machine, the Trojan creates a backdoor that can be exploited later by the malware authors behind the assault.

As has been seen with other attacks, the likely intention is to create a new raft of zombie computers to steal information and to further propagate large-scale spam and phishing runs.

In addition to the headline “230 dead as storm batters Europe” the spam uses a number of other provocative headlines. Attachments may be of the following filenames: “Full Clip.exe”; “Full Story.exe”; “Read More.exe” and “Video.exe”.

The assault was first picked up by F-Secure Security Labs Kuala Lumpur during the very early hours of Friday European time. The timing of the assault and its detection in Asia leads researchers to believe that the assault also originated in the region.

User of Apple’s Macintosh computers are unaffected.

More info via F-Secure here: http://www.f-secure.com/v-descs/small_dam.shtml

Related articles:
Apple touts virus-free Macs – August 25, 2006
Microsoft’s Windows is inherently more vulnerable to severe malware than Apple’s Mac OS X – August 23, 2006
Chicago Tribune falls for the ‘Security Via Obscurity’ myth – August 14, 2006
Symantec researcher: At this time, there are no file-infecting viruses that can infect Mac OS X – July 13, 2006
Gartner analyst tries to propagate discounted Mac OS X ‘security via obscurity’ myth via BBC – July 06, 2006
Apple: ‘Get a Mac. Say ‘Buh-Bye’ to viruses’ – June 01, 2006
Apple Macs are inherently safer and more secure than Microsoft Windows – November 22, 2005
BusinessWeek columnist propagates discounted ‘Apple Mac security via obscurity myth’ – September 06, 2005
16-percent of computer users are unaffected by viruses, malware because they use Apple Macs – June 15, 2005
USA Today calls iMac G5 ‘exquisite’ but implies Mac OS X more secure than Windows due to obscurity – September 30, 2004
Another columnist trots out Mac OS X ‘Security through Obscurity’ myth – April 03, 2004
Gates: Windows ‘by far the most secure’ system; tries to use ‘Mac OS X secure through obscurity’ myth – January 27, 2004
Q&A Columnist uses ‘security through obscurity’ myth to defend Windows vs. Mac on virus issue – October 04, 2003
Columnist tries the ‘security through obscurity’ myth to defend Windows vs. Macs on virus front – October 01, 2003
New York Times: Mac OS X ‘much more secure than Windows XP’ – September 18, 2003
Shattering the Mac OS X ‘security through obscurity’ myth – August 28, 2003
Is Mac OS X really inherently more secure than Windows? – August 26, 2003
Virus and worm problems not just due to market share; Windows inherently insecure vs. Mac OS X – August 24, 2003

41 Comments

  1. > you would be surprised how many mac users would also download and run an app from an email.

    Except that Mac OS X gives a warning, [whatever].app is running for the first time, do you want to continue? (or words to that effect). If that does not put up a red flag with the user, he/she deserves the consequences.

    Also, even if an evil program is run by a clueless user, it will only affect the areas of the computer to which the user’s account has permissions. It cannot “create a new raft of zombie computers to steal information and to further propagate large-scale spam and phishing runs.” It may be possible, but real world evidence (lack of such malware for Mac OS X) shows that it would be really difficult. Which is why malware author don’t even bother trying, when Windows PCs are infinitely more exploitable.

  2. Cubert writes: “It’s scary that so many computers vital to the infrastructure of the U.S. run on Winblows. I can’t understand why some person or business or government agency hasn’t sued Mafia$oft for their shoddy OS and the time and money spent shoring it up on the user’s end. Lemmings!”

    I remember the reaction of the security community several years ago when the new CIO for Homeland Security (!) said the agencies being brought together would standardize on Microsoft Windows. The Sasser worm hit a few months later. Do we feel secure now?

    Nor does the government utilize what leverage it has against Microsoft. During the years the US Justice Department was in legal battle against Microsoft, Justice was actively standardizing on Windows and Office.

    As to why Microsoft hasn’t been sued for damages, check the End User License Agreement. You use the software at your own risk. I’d bet most folks don’t know that.

  3. Could someone explain to me how it comes Windows users are such IDIOTS? If the attachment has filename with extension .exe what the averaged moron on Windows think it will do by double-clicking it? reading a text file?

    You have to understand…by default Windows doesn’t SHOW them that there is an .exe on the end of it.

    Moreover, if it’s labeled Readthis.txt.exe, Windows shows Readthis.txt to the poor sap.

    This is one of the 9,347 reasons why Windows is a friggin’ security nightmare.

  4. Years ago when I first started getting into computers, I told my PC-centric brother-in-law that I had decided to go Mac. Back then, I didn’t know anything about any sort of rivalry between Mac and PC people. Wouldn’t have thought it anymore than a rivalry between Hitachi TV people and Sony TV people. Anyway, I told him I decided to go with Mac because it was more user-friendly. He promptly told me that Macs were for people who don’t know very much about running computers (*rolls eyes*). Not being fond of being insulted, our relationship soured after that. It was my first introduction into PC-based dementia.

    I have had great satisfaction watching Apple run circles around the entire PC world since then. I have fun bad-mouthing Bill Gates (whom he has a biography of!), MS, and Michael Dell, in his presence and talking about how Apple and Steve Jobs makes them all look ridiculous. And there’s nothing he can really come back at me with. And I know those PC guy commercials must drive him nuts. I’ve heard a lot of crap over the years from PC jerks that talk about Mac users having a smug attitude, but in my experience, it is the PC-centric lowers with the bad attitude, and nothing to back it up with.

    Anyway, these idiots clicking on those unsolicited .exe files I guess are examples of the fact that PC users really are the ones that know more about running computers.

  5. 99.9% of Windows PC users have no idea about dot-extensions like .exe, .jpg, or .doc. These people are sometimes called the “great unwashed”. They obtained a computer because “it’s all the rage”; along with high-speed connectivity. They also tend to leave their computers on 24/7 and their on-line habits are deplorable: tending to open almost every spam message, and clicking on just about every email link thrown at them. THESE FOLKS ARE NAIVE AND WAY TOO TRUSTING, and they are like this because Microsoft had told them that they didn’t need to worry about anything. Now the fhit has hit the san. Dangerous and costly electronic epidemics abound.

    The real culprit is Microsoft. They have built swiss-cheese OSs, rushed them out the door without sufficient security testing, with the hope that users would find and report the problem areas. Microsoft is disgustingly culpable. They have grossly violated their fiduciary responsibility to unsuspecting users. With thousands of programmers in-house, surely they could have set up a crack security group to look for OS and app holes. But nooooooooo, it just slows things down.

    Microsoft should be held financially responsible for ABSOLUTELY EVERY online theft that has occurred and should reimburse all users, financial institutions, and insurance companies WORLDWIDE who have lost money due to their ridiculous software. Billionaire Balmer should be put in jail for premeditated first-degree faulty product distribution.

  6. “So true, Oops. And, usually the comeback argument for one of these PC-defenders isn’t even true anymore. They love to compare XP to System 7 on a 12-year old Mac.”

    Yes. Every “computer expert” I know that bashes Macs usually start out by saying, “Well, I used Macs back in high school and…”
    ow angry they’d get if I compared my current Core 2 laptop with some crappy 386 machine with Windows 3.1.

    PC users are generally dumb (but not all).

  7. PCs SUCK MS iS CRA# Gee. IT pros should just get cool , They seem to have an aversion to macs ..

    They have the bias, : Get the tool for the job!!!! if pcs work OK if not Macs simple… Get over it.

    PS: MS is cra#, Vista is poos and they stole it from .. U know.. and They have been stealing for 20 years its suck is growse and The Law and lawyers Department have not being doing there job. It is a crime to steal IP and Business need to make investments . !!

    Lawyers get off lattes and Think.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.