The Storm Worm (dubbed so by the Finnish company F-Secure) is a backdoor / Trojan horse that affects computers using Microsoft operating systems, discovered on January 17, 2007. The worm is also known as:
- Small.dam or Trojan-Downloader.Win32.Small.dam (F-Secure)
- CME-711 (MITRE)
- W32/Nuwar@MM and Downloader-BAI (specific variant) (McAfee)
- Troj/Dorf and Mal/Dorf (Sophos)
- Trojan.Peacomm (Symantec)
- TROJ_SMALL.EDW (Trend Micro)
- Win32/Nuwar (ESET)
- Win32/Nuwar.N@MM!CME-711 (Windows Live OneCare)
- W32/Zhelatin (F-Secure and Kaspersky)
- Trojan.Peed, Trojan.Tibs (BitDefender)
The Storm Worm began attacking thousands of (mostly private) computers in Europe and the United States on Friday, January 19, 2007, using an e-mail message with a subject line about a recent weather disaster, “230 dead as storm batters Europe”. During the weekend there were six subsequent waves of the attack. As of January 22, 2007, the Storm Worm accounted for 8% of all malware infections globally.
There is evidence, according to PCWorld, that the Storm Worm was of Russian origin, possibly traceable to the Russian Business Network.