PC Tools warns global virus ‘storms’ are on the rise

SAN FRANCISCO, CA August 08, 2007 PC Tools malware researchers warn the latest epidemic of the Storm Trojan which is being disguised as e-cards, and are infecting computers world–wide, is only the tip of the iceberg.

“The malware writers of this latest influx are suspected to be based in Russia or the Ukraine and their attacks are extremely sophisticated using advanced evasion techniques to get on and stay on victims PCs,” explains PC Tools Chief Threat Officer Kurt Baumgartner.

“What we are seeing with these latest attacks are typical social engineering emails telling recipients they have received an e-card from a friend, loved-one or colleague then enticing the user to click a link to view the card. Once the link is clicked a wave of malware is unleashed by taking the victim to a webpage that exploits their browser and infects the PC without any additional action required,” explains Baumgartner.

“Consumers are naked against this new plague of zero-minute attacks. We are talking about new exploits, in large volumes, sometimes every 30 seconds. This next generation of malware requires automated computer systems to combat large volumes of malware as human manpower is simply not enough.

“With thousands of malware threats being released every day, or even every minute, how can products which are solely reliant on signature-based solutions detect rapidly changing exploits? They can’t, the only solution is behavioral-based protection - such as those being developed by PC Tools’ advanced research team” said Baumgartner.

“This is what has brought us into the era of Malware 2.0. Without an automated response present signature-based solutions cannot handle the job.”

Baumgartner explains, “Traditional anti-virus products are unable to decrypt, analyze and effectively distribute signatures for thousands of undetected and rapidly changing malware binaries in this extremely small window of time. Their scanners are ineffective against the newest variants at the moment of infection and by the time the signatures catch-up it’s too late.”

“The e-card threats not only collect email addresses to be used for sending SPAM but current variants are installing rootkits - which hide themselves and unknowingly change the function and performance of the victims’ computer.”

Baumgartner further explains, “Technically, the current variants are installing rootkits that run hidden processes and add the victim’s computer to a large peer-to-peer (P2P)* network that not only will link it to a large spam producing botnet**, but will slow computer performance.

“Furthermore, these e-card threats are also designed to kill popular anti-virus products when it detects them starting, ensuring a persistent bot-enabled system once the malware is installed and the system rebooted. The threats also leave the system exposed to possible back-door and remote exploits, meaning all the data on the machine is being put at risk.”

Baumgartner cautions these new Malware 2.0 threats, are infecting computers on a global scale.

PC Tools has posted a detailed technical analysis, generated by their automated threat analysis system Threat Expert, of the latest Storm variant. The report can be viewed online at http://www.pctools.com/threat-expert/sample/report/storm/

Users and other security researchers are invited to submit their own threat samples to Threat Expert to receive an automated analysis of their submission.

Current awards include: PC Magazine Best Anti-Spyware 2005, Editor’s Choice 2006; Windows XP Magazine, Editor’s Choice; PC Pro Recommended 2006, A List product; PC Answers Editor’s Choice 2006; PC Advisor Gold award 2006; PC User ‘Top Buy’ 2006; Computer Shopper Best Anti-Spyware of 2006. We have also received Virus Bulletin and Checkmark Certification 2007.

ABOUT PC TOOLS™

PC Tools is a global software leader with a cache of security and utility products, including the multi award-winning Spyware Doctor 5.0™. PC Tools is an industry leader in real-time anti-spyware and has a number of key patents pending. PC Tools’ award-winning Spyware Doctor is now available at all major retailers across North America including GeekSquad™, Target, Office Depot, and Best Buy.

PC Tools now has two security research facilities: one in Sydney, Australia and a second in Boulder, Colorado. The company is headquartered in Sydney, with offices in San Francisco, London, Shannon (Ireland), Melbourne, Kiev and now Boulder, Colorado. PC Tools has a global network of distributors, resellers, and retailers.