The Storm Gang At It Again

In an attempt to bolster the number of drones in their botnet the Storm Gang has started sending out more spam email.

The emails come with fancy subject lines like " Lonely without you" and "Just you and me". The emails contain a small blurb of text followed by a URL that leads the user to a page similar to the following:

On this page the user is presented with another link that downloads "loveyou.exe" which is the latest variant of the storm worm.

After scanning the executable over at virustotal.com (14/32 detection rate) I decided to run it and see if it does anything that past variants didn't do.

Like other variants an .exe and a .config file were dropped in the windows directory both name mahmud. I didn't notice any differences between this and older variants other than the file name.

As always do not follow links to sites you do not know or trust, safe surfing rules apply to email as well.

Be sure to keep your Ad-Aware 2008 updated! Ad-Aware detects the storm worm as Win32.Worm.Zhelatin