Some things arrive way too early. This time, it’s the Storm worm.

The Storm gang is starting early on the Valentine’s day theme, and we are receiving emails from these affectionate souls, trying to deliver “withlove.exe“, and other malicious vday themed executable names to our systems.

This campaign includes familiar and consistent characteristics. An email will arrive with a cute statement related to the theme, inviting a user to visit a hyperlink containing an ip address. The destination web site will attempt to exploit the visitor’s system, and if it can’t, the page provides a download link for the executable:

The authors of this one must be planning on some Valentine’s day Mexican cuisine. We’ve seen it dropping files like “burito.ini” and “burito5e84-1216.sys”, before killing AV products and adding the victim host to its huge botnet.

Last year’s massive Storm outbreak pushed romantic subject lines such as “Sending You My Love” and “You’re the One”. While “With love”, “I Would Dream”, and “Memories of You” isn’t all that much of a change, it’s a small twist. Nicolas Albright made a fairly safe prediction that this upcoming holiday would be the next target:
“The DISOG team is placing bets on the next rouse. I say adult rated material for February 14th (St. Valentines Day).”

I’m sure he’ll have another interesting post about this variant.

This entry was posted on Tuesday, January 15th, 2008 at 12:05 pm and is filed under Bot, Storm, Worm. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.