NEWS FROM THE LAB - Tuesday, January 15, 2008

From Storm With Love! Posted by Jose @ 21:40 GMT

Yet another wave of the Storm worm is now being spammed widely and this time it's all about love. They were late for Christmas, just in time for the New Year and really early for Valentine's Day. The filename being downloaded now is withlove.exe.

Storm heart

The subject lines are the same as was used during January of last year; you can find them here and here.

Here's a sample of the spammed e-mail:

Storm With Love Message

We now detect this as Email-Worm:W32/Zhelatin.PY.

Update: As the file on the websites is changing every 15 to 30 minutes, requiring us to release a new update every time, it's good to see that DeepGuard is proactively able to block this without any updates. No signatures required.

DeepGuard blocks Valentine's Storm

Note: We're only four days away from the one year anniversary of Storm, the first one being found shortly after midnight (in Helsinki) on Jan 19th, 2007.