Researchers: Worms not heading underground

28.02.2007

Threats hosted on the Storm-generated sites include variants of the attack itself, along with a range of crimeware programs designed to steal sensitive personal or financial information.

Viruses like Storm, which can also be classified as a Trojan rootkit, reflect the manner in which attackers will leverage the time-honored worm platform to pass along their latest work, said Dmitri Alperovitch, principal research scientist at Secure.

"We're not discounting the threat from targeted financial attacks, but those tend to take a lot of work to pull off, as the attacker must do recon on the organization or user and put a good deal of effort into each target," Alperovitch said. "The payback on those attacks is probably greater, but these types of worms like the new variants of Storm can pay for themselves pretty quickly; there's little doubt we'll see more designed in this manner."

In addition to using the worm approach to distribute cutting-edge malware, the Storm variations have adopted a number of other characteristics typically associated with newer attacks. The threat code itself is being changed at a rapid pace to avoid detection by antivirus systems, according to the Secure researcher, and is using an ever-changing list of URLs and IP addresses to deliver its payload and fly under the radar.

The swiftly changing profile of the Storm Worm will make it hard for traditional security products to keep up with such threats, he said.