Global Threat Network detects the World War III worm

Cloudmark announced that the company’s advanced fingerprinting technologies, in combination with the Global Threat Network, identified the “World War III” virus immediately after the first variants began to appear.

The WWIII virus, which appears to be another variant of the Storm worm widely propagated in early 2007 when hackers created an email masquerading as a news report, entices users with fictitious subject lines about the start of World War III or the United States bombing Iran. The emails include malicious attachments that infect the victim’s machine if clicked on. Cloudmark identified and stopped the virus just after 11:00 a.m. PT on April 8, 2007, more than three hours before some of the free anti-virus products detected it and a full 20 hours before other anti-virus vendors were able to respond to the attacks. In fact, it appears that many anti-virus companies have yet to come up with a generic signature capable of detecting new variants of the storm worm and several security vendors did not release signatures to fully block the WWIII virus until the morning of April 10.