Storm Worm takes advantage of Christmas bliss

It’s been a while since I have updated. This time of year is always crazy. But at least I return with a good one. This time of year is stressful enough for many, without having to worry about things like this while trying to spread holiday cheer.

‘Tis the season and there’s a storm a brew’n. The Storm Worm that is… and it’s back. < / awful puns >

We saw the Storm Worm back at the beginning of the year (2007). It was a huge headache for home users and system admins alike. According to Wikipedia, “The Storm Worm began infecting thousands of computers (mostly private) in Europe and the United States on Friday, January 19, 2007, using an e-mail message with a subject line about a recent weather disaster, ‘230 dead as storm batters Europe’.[6] During the weekend there were six subsequent waves of the attack. As of Monday, January 22, 2007 the Storm Worm accounted for 8% of all infections globally.”

If you thought parents elbowing and kicking each other for the last Tickle Me Elmo doll this time of year was bad, the creators of the Storm Worm had a surprise for you, just in time for Christmas. A new version of the Storm Worm has surfaced, taking advantage of users during this holiday season.

Ars Technica is reporting that “Storm-infected systems are kicking out spam mail directing recipients to the Merry Christmasdude.com website (space inserted for security purposes). Once there, visitors are bounced to a few shell sites, shown various ‘holiday-themed’ images and offered a (fake) video codec download. Download and install it, and the worm promptly connects to various P2P sites and begins spamming. Russ McRee at HolisticInfoSec.org has a writeup on the worm’s specific activities and system modifications for those curious about how Storm does what it does. This new iteration of Storm appears to duplicate most, if not all, of its predecessor’s approach to infecting and configuring the target PC.”

If you are concerned about infection, check the website of the company that makes your anti-virus program; that, and/or a little Google-fu, should let you know if you are currently protected.

Some of the observed email subjects from Storm Worm include (but are not limited to):

  • The Twelve Girls Of Christmas
  • Time for a little Christmas Cheer
  • Merry Christmas To All
  • Christmas Email
  • Warm Up this Christmas
  • The Perfect Christmas
  • Santa Said, HO HO HO
  • I love this Carol!
  • Find Some Christmas Tail
  • Mrs. Clause Is Out Tonight!
  • Cold Winter Nights
  • Jingle Bells, Jingle Bells
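One way a mail admin could triage a mailbox or quarantine for these subjects, as an added example that is not part of the original post: it parses raw messages, unfolds and decodes the Subject header, strips reply/forward prefixes and compares the whole subject against the list above. The function name `match_storm_subject` and the sample messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.header import decode_header, make_header

# Subject lines copied from the list in the post.
STORM_SUBJECTS = [
    "The Twelve Girls Of Christmas", "Time for a little Christmas Cheer",
    "Merry Christmas To All", "Christmas Email",
    "Warm Up this Christmas", "The Perfect Christmas",
    "Santa Said, HO HO HO", "I love this Carol!",
    "Find Some Christmas Tail", "Mrs. Clause Is Out Tonight!",
    "Cold Winter Nights", "Jingle Bells, Jingle Bells",
]

def _norm(text):
    """Lower-case and reduce punctuation/whitespace runs to single spaces."""
    return " ".join(re.sub(r"[^a-z0-9]+", " ", text.lower()).split())

_KNOWN = {_norm(s): s for s in STORM_SUBJECTS}
_REPLY_PREFIX = re.compile(r"^\s*(?:(?:re|fw|fwd)\s*:\s*)+", re.IGNORECASE)

def match_storm_subject(raw_message):
    """Return the listed subject a raw RFC 5322 message carries, or None."""
    raw = message_from_string(raw_message).get("Subject", "")
    # Decode RFC 2047 encoded-words so an encoded subject cannot slip past.
    subject = str(make_header(decode_header(raw)))
    # Whole-subject match only: "Christmas Email" is too generic for substrings.
    return _KNOWN.get(_norm(_REPLY_PREFIX.sub("", subject)))

# Constructed sample messages (not real captures).
SAMPLES = {
    "folded": "From: a@example.com\nSubject: Jingle Bells,\n Jingle Bells\n\nhi\n",
    "encoded": "From: b@example.com\nSubject: =?utf-8?q?Santa_Said=2C_HO_HO_HO?=\n\nhi\n",
    "forwarded": "From: c@example.com\nSubject: FW: RE: merry christmas to all\n\nhi\n",
    "benign": "From: d@example.com\nSubject: Christmas Email schedule for support\n\nhi\n",
    "no_subject": "From: e@example.com\n\nhi\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:10} -> {match_storm_subject(raw)}")
```

A subject hit is only a triage signal: the list is not exhaustive, and some entries are ordinary enough that a legitimate message could carry them, so confirm with an anti-virus scan of the host.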

Sadly I was on vacation and unable to post about this sooner. Most of the damage will have been done on Christmas, two days ago. Hopefully this post will at least minimize any aftershocks or allow users who may have been infected and not realize it to be aware of this worm and do something about it.

[X-posted from my blog SecureTomorrow.Org]

6 Comments:

  1. Thanks for the info! I’ll probably get the worm anyway… I’m good at reading up on things and forwarding on info, then I end up forgetting it ALL and opening a stupid virus. Cross your fingers that I don’t!

    texansasha

    2007.12.27
    1:47 pm

  2. Do Linux users have to worry about this? I doubt I got the virus, as I’ve seen NO emails of this nature, but I will forward this to my family as a warning.

    P.S. my icon is better than your icon <3

    ajoyfuldawn

    2007.12.27
    2:04 pm

  3. Only Windows users are at risk.

    kevinblanchard

    2007.12.27
    4:15 pm

  4. mmmm mac.
    so glorious and safe.

    nakedlove

    2007.12.27
    8:44 pm

  5. I now say the same with Linux…. esp since dear, sweet Kevin hooked me up w/ it 🙂 BUT I will say that my next computer is going to be a mac 🙂 🙂 🙂

    (since I can’t afford a mac at this moment, I went for the next best thing: Linux, at Kevin’s urgings)

    ****** I also blame Kevin for wanting my next computer to be a mac 😛

    ajoyfuldawn

    2007.12.28
    1:10 am

  6. oh honey, there should be no blame at all.
    i converted in 2004 and there’s been no turning back.

    nakedlove

    2007.12.28
    8:48 am