Also known as:
Method of Propagation:
A killer at 11, he's free at 21 and kill again!
U.S. Secretary of State Condoleezza Rice has kicked German Chancellor
British Muslims Genocide
Naked teens attack home director.
230 dead as storm batters Europe.
Radical Muslim drinking enemies's blood.
Chinese missile shot down Russian satellite
Saddam Hussein alive!
Venezuelan leader: "Let's the War beginning".
Fidel Castro dead.
The attachment carried by the Storm worm may be named one of the following:
Symptoms of Infection:
Note: There are dozens of variants of the Storm worm. The following technical details may not apply to each of them. To determine whether a Storm worm infection is present, scan your systems with up-to-date antivirus software.
The Storm email worm may drop the the file 'wincom32.exe' into the Windows system directory (typically, C:\Windows\System under Windows 95/98/ME, C:\Winnt\System32 under Windows NT/2000, and C:\Windows\System32 under Windows XP.
The Storm worm loads the dropped wincom32.exe as a device driver by modifying the registry as follows:
This device driver injects a module into the services.exe process, sets up a peer-to-peer filesharing network on infected systems, and opens and listens for commands on UDP port 4000, 7871, and 11271.
The Storm worm then downloads files from various remote IP addresses and executes those files on the local system.
The Storm worm is rootkit enabled and may hide files and processes associated with it and other malware it downloads. To remove the worm and other installed malware, scan the system using up-to-date antivirus software.