Happy Holidays from the Storm Worm

Has the Storm Worm passed? According to reports over the last few months, the danger has been minimized. And yet, some hackers still believe they can have a real impact with what was arguably the most popular bug of 2007. A recent Christmas-inspired version has been released and is reportedly bringing Storm back to its original potency.

Since its debut almost a year ago, the Storm Worm -- which initially created headaches for IT employees, Internet providers, web site owners, and the average surfer alike -- appears to have been downgraded significantly. Like a hurricane passing over land, the Storm Worm was greatly reduced when it met Microsoft, which released an updated version of its Malicious Software Removal Tool a few months ago. Other security companies and IT pros have also done their bit to stop Storm and those behind it.

And yet, those hackers have yet to completely give up on the worm. Fresh Storm attacks are now being emitted by infected systems via spam mail, which redirects unlucky clickers to 'Merry Christmasdude.com' (there's no space in the real version), a web site that in turn again directs users to holiday sites containing a fake video codec download. Those who download the program will be unknowingly connected to a number of peer-to-peer sites, which begin sending out spam. (Source: theinquirer.net)

What shouldn't I be clicking on?

Ars Technica has compiled a useful list of email subject terms that should be avoided at all costs. These include:

• I love this Carol!
   
• Merry Christmas To All
   
• Christmas Email
   
• Warm Up this Christmas
   
• Mrs. Clause Is Out Tonight!
   
• Time for a little Christmas Cheer
   
• The Twelve Girls Of Christmas
   
• Jingle Bells, Jingle Bells
   
• The Perfect Christmas
   
• Santa Said, HO HO HO
   
• Find Some Christmas Tail
   
• Cold Winter Nights

The good news is that some antivirus programs are already capable of weeding out the threat. These include Kapersky, OneCare, and most of Symantec's offerings. Updates for other programs should be expected soon, although with the holidays passed, the problem might work itself out. (Source: arstechnica.com)