The Storm Worm began infecting mostly private computers in Europe and U.S. in 2007. In that year this worm virus accounted for 8% of malware infections globally. The virus spread through e-mails as an attachment. When an attachment is opened, the malware installs the wincom32 service, and injects a payload, passing on e-mail to destinations encoded within the malware itself. According to some antivirus company reports, it may also download and run the Trojan.Abwiz.F trojan, and the W32.Mixor.Q@mm worm. The Trojan disguises on the spam with names such as "postcard.exe" and "Flash Postcard.exe," with more changes from the original attack as it mutates. Some of the known names for the attachments include:
- Postcard.exe
- ecard.exe
- FullVideo.exe
- Full Story.exe
- Video.exe
- Read More.exe
- FullClip.exe
- GreetingPostcard.exe
- MoreHere.exe
- FlashPostcard.exe
- GreetingCard.exe
- ClickHere.exe
- ReadMore.exe
- FlashPostcard.exe
- FullNews.exe
- NflStatTracker.exe
- ArcadeWorld.exe
- ArcadeWorldGame.exe
- with_love.exe
- withlove.exe
- love.exe
- frommetoyou.exe
- iheartyou.exe
- fck2008.exe
- fck2009.exe
