Spam-spitting Storm virus, a year old, is as tricky as ever

SAN FRANCISCO -- One of the nastiest — and most persistent — sources of spam just turned a year old.

Since it touched down in e-mail inboxes, the Storm virus has infected at least 1 million PCs worldwide and is responsible for billions of spam messages. Since July, e-mail management company Postini alone has blocked nearly 1.5 billion copies of Storm. (Before Storm hit, Postini blocked about 1 million tainted e-mail messages a day.)

And anti-spam experts expect even more rumblings during the holidays. They predict Storm — which is spread largely through virus-infected PCs — will set record volumes by the end of the year, including up to 500 million messages during the holiday season.

The chameleon-like Storm surfaced in November 2006 as Nuwar, an e-mail attachment purporting to be a news story about an imminent nuclear war between the United States and Russia. What it contained was a computer virus that turned the victim's PC into a machine controlled by others, spitting out penny-stock-fraud spam.

By December 2006, the attachment morphed into a New Year's greeting, with the same malicious payload.

In January, it had a new name, Storm, and disguise: an e-card with a link to a tainted website containing a story about a deadly weather catastrophe.

Popular Reads

Iran live updates: Iranian leader vows 'new defeats' for US

• 2 hours ago

DNA proves remains found in the Columbia River are of a family missing since 1958

• Apr 16, 4:42 PM

President Trump says US Navy will blockade Strait of Hormuz

• Apr 12, 10:22 PM

None of its techniques, taken alone, have been particularly innovative. But its various mutations and morphing techniques always seem to be one step ahead of anti-virus vendors, who can't update spam filters fast enough to block new infections.

Storm's e-mail subject headers have ranged from faux stories about Russian and Chinese missile attacks to electronic love letters, the NFL, and videos from Beyoncé and Foo Fighters. All were fakes, digital teases to trick victims into clicking on tainted Web links.

In addition to employing ever-changing e-mail subject headers, Storm's purveyors in September began planting invisible infections on hobby websites and community forums, including a forum for Apple Macintosh users. Merely browsing to one of these seemingly innocuous websites infected the visitor's PC.