Valentine’s Day isn’t for another month, but that’s not stopping controllers of the Storm Trojan from using the holiday theme to trick users into downloading the malware.
A posting on the SANS Internet Storm Center Web site describes another wave of Storm emails with a subject designed to catch the recipient’s attention and an email body with a URL consisting of only an IP address. Once a user visits the Web site he is “served with a nice web page and a link to download an executable,” the ISC says — the same trick used in previous attacks. The user will see something like this:
The advice here is the same as always: Don’t click on URLs and email attachments from sources you don’t know and trust.