Researchers: Worms not heading underground

During the past two years, security experts and software vendors have downplayed the threat of so-called worm viruses, but new evidence suggests that the attacks are still as dangerous, if not more so, than ever.

While the enormous mass-mailing worm viruses of years past -- such as the well-known MyDoom, Sobig, and Slammer attacks -- that were aimed at crippling IT infrastructure have all but disappeared, smaller outbreaks that aim to load financially-motivated malware onto end users' computers -- such as the recent Storm Worm -- will continue to menace the Internet, according to researchers.

Consensus opinion among security experts has been that as businesses and consumers improved their desktop security tools and computing habits, it became harder for malware writers to lure the same volumes of people with worms. This trend pushed the attackers away from creation of the self-propagating threats and further into financially-motivated crimeware, market watchers observed.

However, the continued spread and modification of Storm Worm, which first surfaced in mid-Jan. 2007, could illustrate an emerging breed of the attacks that is likely to trouble users in years to come.

On Feb. 27, workers at security software maker Secure Computing released details of a newly-emerging variant of Storm Worm that adds a Web-based social engineering component to the attack's more traditional e-mail and IM delivery models.

According to San Jose-based Secure, the new version of Storm Worm sits on an infected computer and waits for a user to post a message to a Webmail system or online bulletin board site, and then adds a link to those communications that sends anyone who clicks on the URL to a malware-laden Web page.