Storm Worm: Don't Miss the Love Boat

No sooner had my colleague Silas commented that we should expect to see a new attack from the Storm worm authors, we see a new wave of spam emails with links to variants of Trojan.Peacomm.D.

The emails are short and to the point, containing a brief message, followed by a URL. Should the user click on the URL, they will be directed to a site that looks like this:



The subjects and bodies we have seen so far include the following (many are recycled from the Storm worm's 2007 Valentine's Day campaign):

• A Dream is a Wish
• A Is For Attitude
• A Kiss So Gentle
• A Rose
• A Rose for My Love
• A Toast My Love
• Come Dance with Me
• Come Relax with Me
• Dream of You
• Eternal Love
• Eternity of Your Love
• Falling In Love with You
• For You....My Love
• Heavenly Love
• Hugging My Pillow
• I Love You Because
• I Love You Soo Much
• I Love You with All I Am
• I Would Dream
• If Loving You
• In Your Arms
• Inside My Heart
• Love Remains
• Memories of You|A Token of My Love
• Miracle of Love
• Our Love is Free
• Our Love Nest
• Our Love Will Last
• Pages from My Heart
• Path We Share
• Sending You All My Love
• Sending You My Love
• Sent with Love
• Special Romance
• Surrounded by Love
• The Dance of Love
• The Mood for Love
• The Time for Love
• When Love Comes Knocking
• When You Fall in Love
• Why I Love You
• Words in my Heart
• Wrapped in Your Arms
• You... In My Dreams
• Your Friend and Lover
• Your Love Has Opened
• You're my Dream

Attachment Name:
• withlove.exe
• with_love.exe

I don't know about you, but I feel that this campaign has started a little bit too early. Maybe the Peacomm creators feel that they need a head start this time, since they started a bit late on their Christmas 2007 campaign. After all they don't want to miss the boat when it comes to gathering more bots for their network.
Source: Symantec.com