Here’s an interesting update regarding the “storm malware” (a.k.a. TROJ_SMALL.EDW and WORM_NUWAR.CQ — I really can’t tell the difference anymore, considering they work together): they’re attacking STRATION.

In an analysis by Joe Stewart of SecureWorks, it was found out that the P2P botnet created by TROJ_SMALL.EDW has a distributed denial of service (DDoS) functionality that targets specific IP addresses. Among the said addresses are related to the following domains known to be used by certain STRATION variants:

• adesuikintandefunhandesun.com
• esunhuitionkdefunhsadwa.com
• huirefunkionmdesa.com
• krovalidajop.com
• shionkertunhedanse.com
• traferreg.com

A more detailed analysis can be found here.

The last time a “worm war” took place (it was NETSKY vs. BAGLE, if my memory serves me right), the “collateral damage” — i.e., customer infections/outbreaks, which also translate to monetary losses — was high. Is history repeating itself? Let’s hope not.