Storm worm still on botnet-building path

The so-called storm worm has evolved into a worldwide ploy to build armies of botnets to send mass spam, security researchers said this week. The malware – dubbed Peacomm by Symantec and Pecoan by CA – began spreading Thursday as an attachment, claiming to have video of last week’s deadly European wind storm.

It now arrives in inboxes with a romantic subject containing different filenames. The new variants also include rootkit technologies to cloak their presence, with the ultimate goal of infecting hosts to deliver junk mail.

"The primary goal is to create a botnet that sends tons and tons of penny stock spam," Amado Hidalgo, senior security response manager for Symantec, said Tuesday on the company’s blog. "During our tests, we saw an infected machine sending a burst of almost 1,800 emails in a five-minute period and then it just stopped. We are speculating that the task of sending the junk email is then passed on to another member of the botnet."

Reports claimed the trojan has infected at least 1.6 million PCs, and Symantec raised its risk level to a category 3 threat, out of a possible five. A spokesman for the anti-virus giant said the May 2005 Sober worm was the last time researchers saw a threat spread with such explosiveness.