SonicWALL, Inc. has been in the forefront of deploying a series of signatures designed to protect against multiple variants of the rapidly-proliferating and sustained Storm Worm Trojan horse attack, named after the violent storms which hit Europe last weekend
Since the first outbreak on Friday, January 19, SonicWALL's vulnerability research team has released a series of signatures designed to detect and prevent currently known Storm attack variants. SonicWALL has logged well over one million instances of the Storm threat, with new variants appearing in rapid succession. Each version of the Trojan horse to date is capable of being updated, in an attempt to stay ahead of security vendors' threat prevention technologies.
This virus is spread via spam emails with an executable attachment offering a highly-colored topical news story. Once the attachment is executed, it automatically downloads additional malware and opens a backdoor in the machine that allows it to be remotely controlled, while installing a rootkit that hides the malicious program. The compromised machine becomes a zombie in a botnet network.
Users of SonicWALL's Unified Threat Management technology, which protects against viruses, Trojans, worms and other threats and vulnerabilities, automatically received updated signatures from the outset of the attack designed to repel the Storm worm.
SonicWALL issued the following signatures designed to protect against this threat:
Gateway Anti-Virus Signatures
------------------------
Small.DAM (Trojan)
Agent.BET.8
Agent.BET.7
Agent.BET.6
Agent.BET.5
Agent.BET.1
Agent.BET.2
Agent.BET.3
Agent.BET.4
The following existing Intrusion Prevention signature also catches most of the newly appearing variants
SID Name
--------------------------------------------------
1052 Greeting Card.exe attachments 2 - SonicWALL
Stay in touch with HULIQ NEWS on Twitter @HULIQ
Comments
Post new comment