The latest information and statistics about the Storm worm and the threat it poses to individuals and organizations.

On January 17, 2007, a new malware threat released by a Russia-based criminal network began rapidly infecting tens of thousands of machines in Europe and North America. The Storm Worm, named after its initial email campaign, whose subject lines referenced the deadly winter storm battering Europe at the time, represented a paradigm shift in malware design.

It was the first large-scale malware to use a peer-to-peer (P2P) command-and-control protocol, which made its botnet highly resistant to takedown: with no central server to seize or sinkhole, shutting down any one node achieves little. It was also the first to combine email and web-based infection vectors at scale, bringing the messaging and web threat spaces together. Over the following year the Storm worm infected millions of machines around the world, continually changing its lures to reference newsmakers, news headlines, popular events and holidays (Saddam Hussein, Fidel Castro, the start of the NFL season, Christmas and New Year's, etc.).

The key characteristics that in aggregate make Storm unique and different from other malware are:

  • Resilience: pioneering use of a P2P command-and-control protocol, fast-flux networks and protocol encryption to keep the network alive against attacks by researchers and competing botnets
  • Patience: Storm is not always on the attack; there are often long quiet periods during which the authors are presumably refining the lure for the next campaign and extending the malware's capabilities
  • Multi-vector infection: traditional email-borne attachments augmented with web-based infection through links to blogs and other websites
  • Social engineering: Storm's authors are adept at crafting lures, such as emails about personal greeting cards, funny YouTube videos and news headlines, that draw in a wider population of victims
  • Transformation: the malware is in a constant state of flux, changing its lures and delivery mechanisms and using server-side polymorphism to repackage its binaries every few minutes so that signature-based anti-virus detection lags behind
  • Self-defense: Storm pioneered automated offensive self-defense, launching Distributed Denial of Service (DDoS) attacks against researchers analyzing the botnet
  • Spam innovations: Storm was responsible for several new spam delivery techniques, such as PDF- and Excel-based spam as well as audio and video spam
  • Stealth: like much current malware, Storm causes no visible damage or performance degradation on an infected machine and uses rootkit techniques, anti-debugging features and similar methods to stay hidden for prolonged periods
  • Modularity: Storm comprises several components with specific responsibilities, such as hosting the web and DNS servers behind its fast-flux domains, sending spam and launching DDoS attacks
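The fast-flux behaviour in the Resilience bullet is observable from the resolver side: a Storm domain resolved repeatedly returns short-TTL A records that keep changing and are scattered across unrelated networks, because each record points at an infected host acting as a proxy. The following is an added example, not Secure Computing or TrustedSource code, showing one way to score that pattern from repeated lookups and to compute the same "new IPs per day" churn metric that the Web Proxy IPs chart below reports. The observations are constructed from RFC 5737 documentation addresses and are not real Storm infrastructure; the /16 prefix is used as an offline stand-in for AS diversity, and the thresholds are assumptions to be tuned against your own logs.

```python
"""Fast-flux heuristics over repeated DNS lookups.

Added example for this page; not Secure Computing / TrustedSource code.
Observations are constructed (RFC 5737 documentation addresses), not real Storm data.
"""
from collections import defaultdict
from datetime import datetime
from ipaddress import ip_network

# Constructed lookups: (timestamp, domain, TTL in seconds, A records returned).
OBSERVATIONS = [
    (datetime(2008, 1, 10, 8, 0), "ecard.example", 180, ["203.0.113.5", "198.51.100.17", "192.0.2.44"]),
    (datetime(2008, 1, 10, 8, 5), "ecard.example", 180, ["203.0.113.9", "198.51.100.80", "192.0.2.201"]),
    (datetime(2008, 1, 10, 8, 10), "ecard.example", 120, ["203.0.113.77", "198.51.100.3", "192.0.2.88"]),
    (datetime(2008, 1, 11, 8, 0), "ecard.example", 180, ["203.0.113.5", "198.51.100.150", "192.0.2.7"]),
    (datetime(2008, 1, 10, 8, 0), "static.example", 86400, ["198.51.100.200"]),
    (datetime(2008, 1, 10, 8, 5), "static.example", 86400, ["198.51.100.200"]),
    (datetime(2008, 1, 11, 8, 0), "static.example", 86400, ["198.51.100.200"]),
]


def prefix16(ip):
    """/16 prefix as an offline stand-in for AS diversity (no BGP data here)."""
    return str(ip_network(f"{ip}/16", strict=False))


def summarize(domain, observations=OBSERVATIONS):
    """Aggregate what repeated lookups of one domain returned."""
    ips, prefixes, ttls = set(), set(), []
    for _ts, d, ttl, records in observations:
        if d != domain:
            continue
        ttls.append(ttl)
        ips.update(records)
        prefixes.update(prefix16(ip) for ip in records)
    if not ttls:
        raise ValueError(f"no observations for {domain}")
    return {
        "lookups": len(ttls),
        "unique_ips": len(ips),
        "unique_prefixes": len(prefixes),
        "min_ttl": min(ttls),
    }


def is_fast_flux(summary, max_ttl=300, min_ips=5, min_prefixes=3):
    """Heuristic: short TTLs, many distinct A records, spread over many networks.

    Thresholds are assumptions for this example. A CDN can look similar on
    TTL and IP count, so treat a hit as a lead for analysts, not a verdict.
    """
    return (summary["min_ttl"] <= max_ttl
            and summary["unique_ips"] >= min_ips
            and summary["unique_prefixes"] >= min_prefixes)


def daily_new_ips(observations=OBSERVATIONS):
    """Count addresses seen for the first time on each day: the churn metric
    behind a 'daily new proxy IPs' chart."""
    first_seen = {}
    for ts, _d, _ttl, records in sorted(observations, key=lambda o: o[0]):
        for ip in records:
            first_seen.setdefault(ip, ts.date())
    counts = defaultdict(int)
    for day in first_seen.values():
        counts[day] += 1
    return dict(sorted(counts.items()))


if __name__ == "__main__":
    for domain in ("ecard.example", "static.example"):
        s = summarize(domain)
        print(domain, s, "fast-flux" if is_fast_flux(s) else "stable")
    for day, n in daily_new_ips().items():
        print(day, "new IPs:", n)
```

Run against real resolver logs, the interesting signal is the combination: a short TTL alone is common for legitimate load balancing, and a large IP pool alone is what a CDN looks like, but a small domain whose A records churn across many unrelated networks every few minutes is the fast-flux signature that made Storm's proxy layer hard to block by IP.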

Daily New Web Proxy IPs

Daily count of new IP addresses used by Storm to host malicious webpages as seen by TrustedSource™

Geolocation of Storm Web Proxy IPs