A new alternative of the Storm worm has emerged, but it does not appear to be as well-designed as its older relative, according to computer security researchers.
The Storm worm first emerged in early 2007 and spread quickly, making it one of the most fruitful and widespread worms ever. Once it infected people's computers, the worm sent million upon millions of spam messages.
The Shadowserver Foundation, which tracks botnets, first received a sample of the new version of the worm on April 13, said Steven Adair, via instant message.
The worm was then reverse-engineered by the Honeypot Project, which studies intimidation on the Internet. The new worm was found to be based on the old code, but some of the elements that made Storm hard to disrupt were gone, according to a blog post from the organization.
The new Storm doesn't communicate using a peer-to-peer system, a decentralized way to have computers infected with the code communicate with each other and receive new spam commands. That may be because researchers have been effective in disrupting peer-to-peer botnets, Adair said.
The new Storm communicates via HTTP traffic, but it is programmed to receive instructions from one IP (Internet Protocol) address hosted by a server in the Netherlands. The ISP hosting that server has been contacted, Adair said.
Since it is receiving instructions from just one IP address, it means the new Storm may not last that long, Adair said. It is also not employing fast instability, which allows an administrator to quickly point a domain name to a new IP address, making it harder to shut down.
The new Storm "doesn't seem as flexible as the older version," Adair said.
It's not known how many computers may be infected with the new Storm. Computers are believed to be getting infected through drive-by downloads, where a Web site attacks a user's computer looking for software vulnerabilities in order to deliver malicious software.