Valentine's Day storm warning

Anti-virus vendor, PC Tools has identified a storm worm that is taking advantage of Valentine’s Day.

The worm is delivered in an email dubbed “withlove.exe” and other Valentine’s Day themed executable names as attachments for email messages with subjects such as; “I would dream”; and “Memories of you”.

According to PC Tools, the worm delivers rootkits and maintains control of a system via peer-to-peer communications (p2p), potentially making compromised systems a tool in identity theft and financial loss.

The storm worm delivers an email with an affectionate statement, inviting the user to visit a hyperlink containing an IP address. The destination website will attempt to exploit the visitor’s system, and if it can’t, the page provides a download link for the executable file.

PC Tools’ chief threat officer, Kurt Baumgartner, said that the 2008 campaign resembles the 2007 Valentine’s Day storm campaign that pushed romantic subject lines such as “Sending you my love” and “You’re the one”, but with a Mexican twist for its dropped components.

“Interestingly, we witnessed a variant of the worm dropping files like 'burito.ini' and 'burito5e84-1216.sys' before killing anti-virus products and adding the victim’s computer to its botnet,” said Baumgartner. “The ini file maintains a list of p2p peer information for maintaining communication throughout the botnet, while the sys file is a driver that injects code deep into the operating system.”