Our heuristics have gotten pretty well tuned to the varieties of storm worms we’re seeing. We generally catch the new variants, but nobody is catching them all without incurring a significant false positive rate. There are probably some companies that would take issue, but when you block everything, including good, that counts as false positives in my book.
The storm worm gang is changing not only their code, but their tactics regularly. Yeah, I could tell you each day what the newest twist is, but that is a reactive solution, not a proactive solution. The best proactive defense against the storm worm gang is thinking. If someone you don’t know sends you a link to a video, or an alleged video that purports to show blood and guts, or fuzzy rabbits, you don’t have to click. It isn’t what it says it is anyway. If someone you don’t know sends you an eCard, it isn’t an eCard anyway and is not worth clicking on. If someone you don’t know tells you that you won a lottery you didn’t enter – you don’t have to click. If an unknown person says your face is in a video, it doesn’t make it true and you don’t have to download their exploit. You may know your neighbor by name, but an email form someone named “You neighbor” is not from someone you know.
If someone gives you a bulletproof vest, you don’t have to line your friends up with guns and tell them to shoot at you!
We’ll do our best to proactively detect the newest storm worm samples, but nothing works as well as not falling for a scam in the first place.
Director of Technical Education
Author ESET Research, ESET