A huge virus surge of a new Storm Worm variant is flooding e-mail inboxes and evading many antivirus programs. In my tests of 31 programs, only four reported a virus.

Postini, an e-mail security company, says that over the past 24 hours it has seen about 55 million virus e-mails, about 60 times the daily average. The first e-mails had romance-themed subjects: “A kiss so gentle” or “I dream of you,” for instance. The latest batch attempts to fool readers—with subjects like “Worm Alert!” or “Virus Alert!”—into thinking they are already infected and need to apply a supplied patch—an attached virus.

We received one such virus e-mail at PC World titled “Worm Alert!” The e-mail included a text message embedded in an image, which makes it easier to evade antispam tools. The attachment was a password-protected archive named “patch-7594.zip,” with the password contained in the image’s text.

Outwitting Antivirus

At 2:30 p.m. I uploaded the attachment to Virustotal.com, which uses many different antivirus programs to scan uploads. Of 31 programs, only 4—ClamAV, eSafe, Kaspersky, and Symantec—reported a virus.

According to Postini, double-clicking the attachment unleashes a succession of modern malware attack methods. First, a rootkit will attempt to hide the malware from both human and antivirus scans. Then the worm will attempt to disable antivirus programs. Next, the worm connects to a custom peer-to-peer network used by the worm’s creators to issue commands. Those commands might be to download additional malware, send spam, or transmit personal data stolen from the victim computer.

Finally, to spread itself further, the worm searches for e-mail addresses on the victim machine and sends itself to any discovered addresses. The worm is self-mutating, according to Postini, changing e-mail subject lines, attachment file names and malware characteristics in order to evade antivirus and antispam programs.
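An added example, not part of the PC World article: a Python mail-gateway heuristic that flags the lure pattern described above, a message whose readable text is carried in an image and whose attachment is a password-protected archive that scanners cannot open. The message and archive are constructed inline; the function names, the 20-character body-text threshold and the hand-patched zip flag are my assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

def archive_is_encrypted(data: bytes) -> bool:
    """True if any entry has the PKZIP 'encrypted' general-purpose bit set."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(zi.flag_bits & 0x1 for zi in zf.infolist())
    except zipfile.BadZipFile:
        return False

def score_message(raw: bytes) -> dict:
    """Lure pattern: (almost) no body text, an image, and an encrypted archive."""
    msg = message_from_bytes(raw, policy=policy.default)
    text_len, has_image, enc_archive = 0, False, False
    for part in msg.walk():
        ctype = part.get_content_type()
        if ctype == "text/plain" and not part.is_attachment():
            text_len += len(part.get_content().strip())
        elif ctype.startswith("image/"):
            has_image = True
        elif ctype in ("application/zip", "application/x-zip-compressed"):
            enc_archive |= archive_is_encrypted(part.get_payload(decode=True))
    image_only = has_image and text_len < 20  # text carried by the image, not the body
    return {"image_only_text": image_only, "encrypted_archive": enc_archive, "suspicious": image_only and enc_archive}

def build_zip(name: str, content: bytes, encrypted: bool) -> bytes:
    """Constructed sample archive. Python cannot write password-protected zips, so the
    'encrypted' flag (bit 0) is patched into the local header (offset 6) and the central directory entry (offset 8)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        zf.writestr(name, content)
    data = bytearray(buf.getvalue())
    if encrypted:
        data[6:8] = b"\x01\x00"                      # little-endian flags = 1
        cd = data.find(b"PK\x01\x02")                # first central directory header
        data[cd + 8:cd + 10] = b"\x01\x00"
    return bytes(data)

def build_sample_lure(encrypted: bool = True) -> bytes:
    """Constructed message modelled on the 'Worm Alert!' lure; not a real sample."""
    msg = EmailMessage()
    msg["Subject"] = "Worm Alert!"
    msg.set_content(" ")  # the visible text lives in the image, not the body
    msg.add_attachment(b"GIF89a\x01\x00\x01\x00", maintype="image", subtype="gif", filename="alert.gif")
    msg.add_attachment(build_zip("patch.exe", b"placeholder, not malware", encrypted),
                       maintype="application", subtype="zip", filename="patch-7594.zip")
    return msg.as_bytes()
```

A gateway would quarantine or strip such messages rather than relying on the signature-based scanners the article shows missing most variants.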
Cloudmark, another e-mail security company, says it sees similar outbreak numbers. Today’s flood is 10 times as large as one this past Sunday, which also involved the virulent Storm Worm.

A Growing Storm

First seen in January, the Storm Worm was originally named for subject lines such as “230 dead as storm batters europe.” It created its own virtual storm with 42,000 different variants over a 12-day period, according to security company Commtouch. The huge number of variations was meant to confound traditional signature-based antivirus protection, which must know about each variant to protect against it.

To stay safe from today’s ongoing worm surge, exercise extreme caution with any unexpected e-mail attachments, even if they seem to come from someone you know. Also, be sure your antivirus software is up to date. Though most antivirus programs are currently missing at least some of the variants, the companies will update their signatures as the attack progresses.

-Erik Larkin, PC World