By Margarita Snegireva. The Storm Worm began infecting thousands of computers (mostly private) in Europe and the United States on Friday, January 19, 2007, using an e-mail message with a subject line about a recent weather disaster, "230 dead as storm batters Europe".
During the weekend there were six subsequent waves of the attack. As of Monday, January 22, the Storm Worm accounted for 8% of all infections globally.
For nearly a year, cyber-security researchers have tracked the Storm worm as its malicious code spread across the Internet, drawing computers into a growing botnet of hijacked computers. Now, they've found evidence that segments of its zombie army are being rented to the highest bidder.
Over the past week, researchers at Finnish security company F-secure have identified what they say is the first use of Storm's massive "botnet"- collection of hundreds of thousands of computers hijacked with hidden software- steal users' banking information.
Tracing the physical location of phishing sites that impersonated pages from U.K.-based Barclay and Halifax banks, F-secure's researchers found that they were hosted on the same Russian server used for distributing Storm in recent weeks. F-secure's researchers also report the software used to mimic Barclay's and Halifax's banking sites is a primitive phishing kit from 2004--a sign that Storm's innovative creators are renting out their real estate to less savvy cyber-criminals.