Elain Brown Tech 07.15.2022 09:Jul AM EDT

[VIRAL FLASHBACK] Storm Worm: Here's What You Need to Know About the Trojan Virus First Discovered 15 Years Ago

As severe storms sweep across Europe, the first signs of the spread of a vicious malware called "Storm Worm" starts spreading.

On Friday, January 19, 2007, the world was given its first look at the botnet that would go on to become the largest in the world.

ZDNet reports that the purpose of the email was to convince recipients to download an executable file by claiming to contain time-sensitive information about the local climate.

The name Storm seems very fitting to this virus since it has affected a widespread of systems and devices. The Storm worm is described to have done grave damages.

The researchers following and investigating the virus would quickly discover that it was a complicated piece of malware that was difficult to eliminate.

The Storm Worm was able to infect up to one million computers, it was able to consume resources and prevent hundreds of thousands of people from accessing the internet at the same time.

The majority of which were located in Europe but also affected a huge number in the United States. Storm was the most powerful virus of its kind, to the point where it was able to block access for the entire country of Estonia.

Storm possessed characteristics that continue to impress researchers to this day.

Storm Worm's Massive Attack

Storm was a hybrid attack that combined multiple different types, making it significantly more complex than its name would imply, according to Hyper.

Storm was a Trojan virus, which is a type of malicious software that masquerades as an innocuous or everyday activity.

Additionally, it is also a bot. Storm is a malicious bot that takes control of a user's machine and then automates minor actions.

This is typically done for the purpose of credential stuffing, SPAM campaigns, and launching a distributed denial-of-service (DDoS) attack when the user joins a botnet.

Aside from being a trojan horse and a malicious bot, Storm also functions as a worm. Which is a type of self-replicating computer virus that can quickly or eventually cause a computer to become overloaded or consume bandwidth.

Storm Worm's Methodology

Storm Worm Targets Windows OS Devices

The Storm Worm infected computers running the Windows OS and allowed the malware to have complete control. The malware was capable of different functions, such as installing backdoors for remote access into the machine, launching DDoS attacks, stealing its email addresses, and launching SPAM email campaigns to further spread Storm.

Malicious Threat Actors Were From Russia

Security researchers have come to the conclusion that Storm was perpetrated by a Russian hacker group based in St. Petersburg.

Zhelatin Gang, also known as Storm Gang, or the notorious cybercrime organization Russian Business Network are some of the names that have been or are still being used for this group.

Their goal was to make a profit, and they saw the Storm Worm as an investment opportunity similar to a penny stock.

Storm Contains a Polymorphic Packer

Storm is a trojan virus whose code contains a mutation engine to alter its signature. As anti-virus companies start registering the malware in their data-base, it would have a very difficult time.

It would fail to recognize the virus from its recorded signature. Storm's package included a polymorphic packer, which allowed it to change its signature every 10 to 30 minutes depending on version.

Spreading Storm Worm By Social Engineering

The actors behind the launch of Storm worm used in their advantage a lot of social engineering skills for it to spread across as fast as it did.

The actors deployed very clever and cunning strategies to spread it. The launch of Storm took place on Friday, January 19, 2007, which was a few days after the cyclone Kyrill had developed over Newfoundland.

The cyclone Kyrill was ultimately responsible for the deaths of 57 people. So during the attack, the actors used subject lines such as "230 dead as storm batters Europe."

Or if not about the cyclone they would send enticing subject lines formulated to trigger excitement and curiosity so that other people will open it.

Storm worm attacks have now been lessened and less rampant. It now only infects a few thousands compared to that time in 2007 where its victims reached a million.