RSS feed of TRACElabs Blog from M86 Security

Storm changes to love theme

 

January 16, 2008

After a brief hiatus, the Storm is at it again, this time with a love-themed email:

So far, subject lines include the following:

A Dream is a Wish
A Is For Attitude
A Kiss So Gentle
A Rose for My Love
A Token of My Love
Come Relax with Me
Destiny
Dream of You
Eternity of Your Love
Falling In Love with You
Happy I'll Be Your Bride
Heavenly Love
Hugging My Pillow
I Love You Because
Kisses Through E-mail
Love Is...
Nights full of love and pleasure!
Your Love Has Opened

 

The email itself is vintage Storm, resorting again to simple social engineering and a link with an IP address.  Clicking on that link will take you to a website that simply has links to an executable called “withlove.exe”.
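A mail-filter heuristic for the two traits described above (the listed subject lines and a link whose host is a bare IP address), added here as an example and not taken from the original post. The function names, verdict labels and sample messages are constructed for illustration, and the addresses come from documentation ranges.

```python
import ipaddress
import re
from email import message_from_string
from urllib.parse import urlsplit

# Subject lines listed in the post, lower-cased for comparison.
STORM_SUBJECTS = {s.lower() for s in (
    "A Dream is a Wish", "A Is For Attitude", "A Kiss So Gentle",
    "A Rose for My Love", "A Token of My Love", "Come Relax with Me",
    "Destiny", "Dream of You", "Eternity of Your Love",
    "Falling In Love with You", "Happy I'll Be Your Bride", "Heavenly Love",
    "Hugging My Pillow", "I Love You Because", "Kisses Through E-mail",
    "Love Is...", "Nights full of love and pleasure!", "Your Love Has Opened",
)}
URL_RE = re.compile(r"https?://[^\s\"'<>]+", re.IGNORECASE)

def ip_literal_links(text):
    """Return URLs in text whose host is a bare IP address, not a name."""
    hits = []
    for url in URL_RE.findall(text):
        try:
            ipaddress.ip_address(urlsplit(url).hostname or "")
        except ValueError:  # hostname is a DNS name, or the URL is malformed
            continue
        hits.append(url)
    return hits

def classify(raw_message):
    """Verdict for one single-part plain-text RFC 822 message."""
    msg = message_from_string(raw_message)
    subject = (msg.get("Subject") or "").strip().lower()
    payload = msg.get_payload()
    links = ip_literal_links(payload if isinstance(payload, str) else "")
    if links and subject in STORM_SUBJECTS:
        return "storm-love", links   # both traits from the post
    if links:
        return "ip-link", links      # weaker signal on its own
    return "clean", links            # a subject like "Destiny" alone is not enough

# Constructed sample messages; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLES = [
    "Subject: A Rose for My Love\n\nhttp://192.0.2.10/\n",
    "Subject: Destiny\n\nTickets: https://example.com/destiny\n",
    "Subject: Invoice\n\nSee http://198.51.100.7/a.html\n",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        print(classify(raw))
```

Several of the subjects are ordinary phrases, so the subject match is only treated as significant when it coincides with an IP-literal link.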

 


 


The webpage itself is simple and, unlike some previous Storm efforts, contains no browser exploit code. The user must choose to download and execute the file. The page does contain a small piece of obfuscated JavaScript that simply encodes the link to the “withlove.exe” file, presumably to prevent detection by scanners.

The Storm botnet is obviously still alive and kicking, although in spam terms we observe it to be much less of a beast than it once was. Six months ago, in August, we noted that the Storm botnet was responsible for up to 20% of all spam. Now the spam volume emanating from this botnet is much lower, at about 1%, although this latest email flurry may change that.


Last Reviewed: January 16, 2008