No sooner had my colleague Silas commented that we should expect to see a new

Storm Worm: Don't Miss the Love Boat


attack from the Storm worm authors, we see a new wave of spam emails with links to variants of Trojan.Peacomm.D.
The emails are short and to the point, containing a brief message, followed by a URL. Should the user click on the URL, they will be directed to a site that looks like this:

The subjects and bodies we have seen so far include the following (many are recycled from the Storm worm's 2007 Valentine's Day campaign):
• A Dream is a Wish
• A Is For Attitude
• A Kiss So Gentle
• A Rose
• A Rose for My Love
• A Toast My Love
• Come Dance with Me
• Come Relax with Me
• Dream of You
• Eternal Love
• Eternity of Your Love
• Falling In Love with You
• For You....My Love
• Heavenly Love
• Hugging My Pillow
• I Love You Because
• I Love You Soo Much
• I Love You with All I Am
• I Would Dream
• If Loving You
• In Your Arms
• Inside My Heart
• Love Remains
• Memories of You|A Token of My Love
• Miracle of Love
• Our Love is Free
• Our Love Nest
• Our Love Will Last
• Pages from My Heart
• Path We Share
• Sending You All My Love
• Sending You My Love
• Sent with Love
• Special Romance
• Surrounded by Love
• The Dance of Love
• The Mood for Love
• The Time for Love
• When Love Comes Knocking
• When You Fall in Love
• Why I Love You
• Words in my Heart
• Wrapped in Your Arms
• You... In My Dreams
• Your Friend and Lover
• Your Love Has Opened
• You're my Dream
Attachment Name:
• withlove.exe
• with_love.exe
I don't know about you, but I feel that this campaign has started a little bit too early. Maybe the Peacomm creators feel that they need a head start this time, since they started a bit late on their Christmas 2007 campaign. After all they don't want to miss the boat when it comes to gathering more bots for their network.

Posted by Hon Lau on January 16, 2008 07:15 AM
https://www.symantec.com/enterprise/..._the_boat.html