Malware researchers tracking the threat are privately awed by the sheer volume of spam that uses social engineering lures to steer recipients to malicious executables. “It’s nonstop, never-ending,” said a virus analyst at a major computer security firm.
The attackers have tied the spam lures to global news events, links to YouTube videos and online greeting cards. The sophisticated operation includes the use of fast-flux networks to avoid shutdowns, a rootkit component to hide from anti-virus scanners and a P2P command-and-control structure that makes it nearly impossible to kill the controlling server.
The Storm Worm attackers have also hacked into legitimate Web sites and used iFrame redirects to send surfers to Web servers hosting malware downloaders.