The Storm Worm (dubbed so by the Finnish company F-Secure) is a phishing backdoor Trojan horse that affects computers using Microsoft operating systems, discovered on January 17, 2007. The worm is also known as:
Small.dam or Trojan-Downloader.Win32.Small.dam (F-Secure)
CME-711 (MITRE)
W32/Nuwar@MM and Downloader-BAI (specific variant) (McAfee)
Troj/Dorf and Mal/Dorf (Sophos)
Trojan.DL.Tibs.Gen!Pac13
Trojan.Downloader-647
Trojan.Peacomm (Symantec)
TROJ_SMALL.EDW (Trend Micro)
Win32/Nuwar (ESET)
Win32/Nuwar.N@MM!CME-711 (Windows Live OneCare)
W32/Zhelatin (F-Secure and Kaspersky)
Trojan.Peed, Trojan.Tibs (BitDefender)
The Storm Worm began attacking thousands of (mostly private) computers in Europe and the United States on Friday, January 19, 2007, using an e-mail message with a subject line about a recent weather disaster, “230 dead as storm batters Europe”. During the weekend there were six subsequent waves of the attack. As of January 22, 2007, the Storm Worm accounted for 8% of all malware infections globally.
There is evidence, according to PCWorld, that the Storm Worm was of Russian origin, possibly traceable to the Russian Business Network.