UCSD Blink: Virus Alert: Storm Worm

Related Links
Keeping Your Computer Virus-Free
Menu: Security
Departments
	Administrative Computing and Telecommunications

Blink Home > Technology > Virus Alert: Storm Worm

Virus Alert: Storm Worm

Summary: Protect your computer from Storm Worm, an especially malicious and costly bot/ virus.

If you use Windows XP, you can get Storm Worm. This virus is carried in spam e-mail messages that invite you to click links to see postcards, verify memberships, or view videos. Just one click and you can lose data, give criminals access to your computer, and spend many days and hundreds of dollars fixing the problem.

You are responsible for detecting and ridding your computer of Storm Worm. An infected UCSD computer puts our network at risk, and so does an infected home computer. You can be liable for criminal acts committed through your computer by Storm Worm's creators. Find out how to:

What to do		How to do it
	Prevent Storm Worm.	Storm Worm invades via e-mail. If you open a Storm Worm link, you'll immediately be prompted to download an applet, something users often do without thinking. Storm Worm e-mail messages constantly change, so watch for new twists in spam subject lines. Follow these guidelines: Delete spam without opening it or clicking links, especially messages with subjects like these: You have received a postcard from Your log-in information (message verifies membership to a site you don't remember signing up for) Check this film out! (message invites you to view a youtube.com clip) Stop and consider the consequences before you agree to download something or open, allow, or disable a port. If you're not sure that an e-mail is from a friend or colleague, check with the other person before opening the e-mail. Keep your antivirus software current with automatic updates. Activate your computer's firewall.
	Determine if you have Storm Worm.	Storm Worm affects only Windows XP users. If you use Windows XP and your computer runs more slowly than usual or you see unexpected pop-up windows, you may have a virus. Try one of these strategies to check for Storm Worm: Try logging on to a Single Sign-On application such as FinancialLink. UCSD uses Single Sign-On to screen for Storm Worm, so if your machine is infected, you'll be directed to a special page. Run your antivirus software. If your software finds any bits of code listed below, disconnect from the Internet immediately because your computer has Storm Worm. Agent Crypt.XPACK Dorf Downloader-BAI Dropper.gen6 Fathom Fuclip Groan Killer.Ecard Nuwar Packed.13 Packed.142 Packed.145 Peacoan Peacomm Peed Rootkit.47744 Rootkit.dam Sintun Small Sploder Stormworm Tibs TR/Patched Trojan.Spambot Win32.Spamtool Zhelatin
	Clean your work computer.	If you have a department computer support contact (or DSA): Notify your support contact immediately. Explain that you think your computer has Storm Worm and must be removed from the UCSD network. A patch is available to remove Storm Worm. Your DSA may run this patch for you, or direct you to follow the instructions. If you don't have a department computer support contact: Disconnect your computer from the UCSD network. Contact the ACT Help Desk at (858) 534-1853, ACS Desktop Support, or Computer Repair and Installation. Explain that you think your computer has Storm Worm and your department does not have technical support. They may direct you to a patch to remove Storm Worm. If you need to schedule a repair, both Desktop Support and CRI will charge your department via recharge.
	Clean your home computer.	To remove Storm Worm, you can either download a patch (developed by ACT), or reformat your computer and then reinstall Windows and any other programs from original disks. (You may want to hire a computer repair specialist to avoid losing important data. Expect to pay up to $500.) If you decide to remove Storm Worm yourself, follow the instructions for installing the patch. UCSD does not take any responsibility for harm to your computer that may result. If you decide to reformat your computer: Copy your data to a safe place. You will need blank DVDs, CDs, or an external hard drive large enough to store all your data. You will lose everything you don't back up. Reformat your hard drive. Reinstall Windows and other programs using your original disks. Make sure your antivirus program and Windows are set for automatic updates. Activate your firewall.