In association with heise online

12 February 2008, 14:02

Valentine's Day greetings from storm worm

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Was it just a test run, or do the storm worm botnet's operators have difficulty reading a calendar? Storm-infected computers were sending out Valentine's Day messages a whole month ago - despite the fact that it's actually this Thursday. A number of anti-virus software vendors are now warning of a new wave of storm worm emails promising Valentine's Day greetings, but in fact merely infecting users with new versions of the worm.

The emails, with subject lines such as Love Rose, Rockin' Valentine or Just You, include links to websites showing one of eight different sloppy Valentine's Day images pointing to a file called valentine.exe. The detection rate for anti-virus software is abysmal - only Kaspersky, Sophos and F-Secure, which contains the Kaspersky engine, detect the current malware version. Since the botnet operators frequently replace the executable, detection rates are, however, highly variable.

Signature updates from anti-virus software vendors are barely able to keep up, so that some variants remain undetected and can be executed. Solutions with integrated behavioural blockers or additional behaviour based detection programs, such as Norton's AntiBot or Trend Micro's RUBotted, are likely to offer better protection in such cases.

The usual security tips should help protect against storm worm infection. Don't open unrequested email attachments, never execute files from dubious websites and always keep your anti-virus software up to date. Further tips on protection from malware can be found on heise Security's anti-virus pages.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit