Storm worm masquerades as patch, storms on

A new variant of the dreaded "Storm Worm" is hitting inboxes around the world, disguising itself as a fix for infected PCs. Users receive an email with a subject line like "Virus Activity Detected!" Upon opening the email, the user is greeted by a password-protected .zip file that contains the "fix," which is actually--you guessed it--the virus. Once it has made its home as a rootkit on the local hard drive, the virus connects to a private P2P network and downloads updates, possibly to lay the groundwork for a future attack. The virus can be a bit tricky to filter out of email, as it apparently uses randomized file names, passwords and subject lines to evade detection. Just be sure that your users know well enough not to install any "patches" they receive via email.
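Because the file names, passwords and subject lines are randomized, a filter has to key on something else the message carries: here, that the attachment is a password-protected ZIP. The Python sketch below is an added example, not part of the original article; it finds ZIP attachments by content and reports members whose encryption flag is set. The function names and the sample message are constructed for illustration, and the sample ZIP only has its encryption flag bit set.

```python
import io
import struct
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

ENCRYPTED = 0x1  # ZIP general-purpose flag bit 0: member is encrypted


def encrypted_zip_members(raw_message: bytes) -> list[str]:
    """Return names of encrypted members in any ZIP attached to the message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        # Identify archives by magic bytes, since names and extensions vary.
        if not data.startswith(b"PK\x03\x04"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                hits += [i.filename for i in zf.infolist()
                         if i.flag_bits & ENCRYPTED]
        except zipfile.BadZipFile:
            hits.append("<unparseable zip>")  # treat as suspicious, not clean
    return hits


def build_sample(encrypted: bool) -> bytes:
    """Constructed test message; contents are not real malware or ciphertext."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        info = zipfile.ZipInfo("readme.txt", (2007, 1, 1, 0, 0, 0))
        zf.writestr(info, b"constructed sample")
    blob = bytearray(buf.getvalue())
    if encrypted:
        central = blob.find(b"PK\x01\x02")
        struct.pack_into("<H", blob, 6, ENCRYPTED)            # local header
        struct.pack_into("<H", blob, central + 8, ENCRYPTED)  # central directory
    msg = EmailMessage()
    msg["Subject"] = "constructed subject"
    msg.set_content("constructed body")
    msg.add_attachment(bytes(blob), maintype="application",
                       subtype="octet-stream", filename="a1b2c3.bin")
    return msg.as_bytes()
```

What to do with a hit (quarantine, strip, or tag for review) is a local policy decision; legitimate senders also use encrypted archives.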

For more on the worm:
- see this ZDNet article