An email worm that targets systems running Microsoft's Internet Information Services (IIS) enlists infected machines in what appears to be a hacker's vendetta against Microsoft.
The worm, called DoS.Storm.Worm, seeks out and infects IIS systems that have not applied the proper security patches, says Vincent Weafer, director of Symantec's Antivirus Research Center (SARC). Microsoft supplied patches for the problem in August of last year, but some companies apparently have not updated their systems with the fix.
The worm's payload carries out a DoS (denial-of-service) attack on http://www.microsoft.com/ and initiates an email bombing session that sends obscene email messages to firstname.lastname@example.org. Symantec was unsure whether Microsoft actually owns the email address.
The worm follows the same pattern as several malicious programs that circulated this year. Hackers may just be looking for older bugs and exploiting users who didn't install the patches to protect against them, Weafer says.
While the worm can prove troublesome, only a small number of companies are likely to be affected, Weafer says.
"I don't believe this will be a significant threat," he says.
Symantec says the DoS.Storm.Worm can cause a "medium" level of damage, in particular seriously degrading network performance by generating a flood of messages. But the number of current infections is low, and the worm can be easily contained, the company says. It says it has not yet figured out where the worm originated or who is responsible for it.