Valentine's Day greetings from storm worm
Was it just a test run, or do the storm worm botnet's operators have difficulty reading a calendar? Storm-infected computers were sending out Valentine's Day messages a whole month ago - despite the fact that it's actually this Thursday. A number of anti-virus software vendors are now warning of a new wave of storm worm emails promising Valentine's Day greetings, but in fact merely infecting users with new versions of the worm.
The emails, with subject lines such as Love Rose, Rockin' Valentine or Just You, include links to websites showing one of eight different sloppy Valentine's Day images pointing to a file called
valentine.exe. The detection rate for anti-virus software is abysmal - only Kaspersky, Sophos and F-Secure, which contains the Kaspersky engine, detect the current malware version. Since the botnet operators frequently replace the executable, detection rates are, however, highly variable.
Signature updates from anti-virus software vendors are barely able to keep up, so that some variants remain undetected and can be executed. Solutions with integrated behavioural blockers or additional behaviour based detection programs, such as Norton's AntiBot or Trend Micro's RUBotted, are likely to offer better protection in such cases.
The usual security tips should help protect against storm worm infection. Don't open unrequested email attachments, never execute files from dubious websites and always keep your anti-virus software up to date. Further tips on protection from malware can be found on heise Security's anti-virus pages.
- Storm Has Sent Their Cupids, warning from F-Secure
- Storm Sure Loves Everybody, warning from Trend Micro
- Same Storm, Different Day, warning from Symantec