It’s not even Valentine’s Day yet and Storm authors are already spamming out some lovin’.
This new wave of Storm is very similar to previous fake eCard variants that feature a link in the spammed email message:
The link contained in the said message connects to the following page:
Clicking the heart downloads the file WITH_LOVE.EXE, which is detected by Trend Micro as WORM_NUWAR.BK.
The Storm malware shows no signs of slowing down as it nears its first anniversary on January 19th. Since its holiday run is over with Christmas and New Year now past, it’s still gearing up to make its anniversary “special” even if it has to use a holiday theme a month too early. This seems to be in keeping with how it marked the New Year, when the botnet was seen to send out New Year-themed messages on Christmas Day. It could mean that we have to keep a closer look at our social engineering calendars and anticipate Storm waves way before the appointed dates of holidays and special occasions. Because Storm seems to have made a New Year’s resolution: The early worm gets the bird.