Intrusion Prevention

Trojan.Storm.Worm.HTTP.DoS

Description

W32.Storm.Worm arrives on a victim system as a file attached to spam emails, where it loads a malicious service named "wincom32". It seeks out Microsoft Internet Information Services (IIS) systems that have not had the proper security patches applied. Any such systems that it finds are then infected with the worm. The payload of this worm performs a DoS attack on http://www.microsoft.com.

Affected Products

The following systems are affected:
Windows 95
Windows 98
Windows NT
Windows 2000
Windows Me
Windows XP

Impact

System compromise.

Recommended Actions

Use antivirus software to scan and clean the system.
Do not open suspicious email.

Other References

Small.DAM W32.Storm.Worm