The Storm trojan is still causing havoc and has changed tactics over the last month in order to infect computers, according to the latest Messagelabs report.
The company's research team had observed a large increase in emails with links to virtual postcards and YouTube videos. The team noted a significant outburst on 15 August of 600,000 emails over that day. It estimated that the StormWorm botnet now comprises of 1.8 million computers around the world.
While virus writers change body text and subject lines, the emails always have a tell-tale line of simple text or HTML including a single link to an IP address. That IP address refers to another infected machine within the botnet which subsequently redirects to a back-end server in an attempt to infect the victim with a copy of the StormWorm Trojan code. The back-end server automatically re-encodes the malware every thirty minutes.
"The StormWorm trojan continues to be at the forefront of the threat landscape through its tactic of reinventing itself in different disguises," said Mark Sunner, chief security analyst.
"With such a commanding botnet now in force and no signs of it waning, vigilance needs to be increased and enforced on all unknown and also known web links and attachments," he said.
The worm showed no sign of abating this month. Virus writers took advantage of the Labor Day holiday in the US to spread via holiday-themed emails, according to Vinoo Thomas, a McAfee Avert Labs researcher.
Thomas said that the authors of the latest variant used anchor tags in HTML to mask the greeting card link so that an unsuspecting user does not notice that it actually points to a malicious IP address.
"Hovering the mouse over this disguised link is a quick and dirty way to reveal the real destination address," said Thomas. "Users who fall for this bait are directed to the following Happy Labor Day page."
Thomas said that while enterprise customers have the bandwidth and resources to ensure every machine on the corporate network is fully patched. "It is usually home consumers - the low hanging fruit that fall prey to these malicious tactics," he said.
