
Worm bypasses gatekeepers

By Staff Writer, ITWeb
Johannesburg, 02 Feb 2007

The Storm Worm continues to evade traditional anti-virus software, says US-based Commtouch.

A report released by the company says the worm makes use of four offensive manoeuvres that virtually guarantee it will "continue evading traditional anti-virus".

The document, "Malware Outbreak Trend Report: Storm Worm", details the characteristics of the Storm Worm, a piece of server-side polymorphic malware.

Its four key tactics are its high distribution intensity, its variety of variants, the limited life of these variants, and the fact that each variant is distributed in relatively small quantities or instances.

"Each of these four characteristics alone is enough to make it difficult for signature-based and heuristic anti-virus engines to catch, but taken together they defeat the traditional anti-virus engines hands-down," says Haggai Carmon, Commtouch VP of products.

"Since this four-part strategy is so effective from the virus-distributors' point of view, we expect it to continue throughout 2007."

Storm Worm was first detected on 18 January, and was informally given that name because early messages leveraged the recent major European storm in their subject lines.
