It has been almost four months since Valentine’s Day, but tell that to the Storm malware authors. TrendLabs Content Security has seen a new trickle of Storm-related spam, again hewing to themes of love and romance. Perhaps said authors believe this run will be a runaway success, since June is widely held as the most popular month for weddings?
As samples of these email messages show above, email subjects read “Stand by my side,” “I want to be with you,” and “Lucky to have you”—simple statements dripping with sincerity, or so spammers hope, to get unsuspecting users hooked.
The said subject lines differ from the one-liners that make up the message body, alongside malicious IP addresses that don’t bother to ask users to click on them. But if the curious do click on these, they are redirected to the following site:
This is where they are then asked to “click here” and choose “Open” or “Run”—but not before they are made to read teasers hinting of secret admirers: “Who is loving you? Do you want to know?”
And if they dare to find out, the “secret admirer” turns out to be a file named LOVEYOU.EXE, which Trend Micro detects as WORM_NUWAR.BC.
Heart-related themes have been used time and again as spam baits. Because of its popularity, this is a theme that will probably last a lifetime, if users continue to fall for its schemes. The earliest such Storm variant, as written by Threats Analyst Robert McArdle, used a long list of girls’ names, perhaps to target men. Of course, Storm also made its presence felt around Valentine’s this year, with a spam run that led to a cutesy Web site where WORM_NUWAR.AR could be downloaded. In fact, as early as January, Storm was already spamming out some love.