After a hiatus, the gang behind the Storm worm is attempting to exploit people's curiosity about a fictional love interest to tempt users into downloading the malware, according to security training organisation the Sans Institute.
Donald Smith, a security expert from the Sans Institute, warned on Tuesday that a Storm worm download site had been detected by security researcher "DavidF". A link that contained the site's IP address was being spammed out in emails, wrote Smith. He noted that spam is being sent with the message: "Crazy in love with you" http://184.108.40.206.
Smith said that index.html encourages visitors to run the "loveyou" executable by asking: "Who is loving you? Do you want to know? Just click here and choose either open or run". Smith recommended IT professionals block the IP address until it gets "cleaned up".
The unknown gang behind the Storm botnet tried a similar technique in January in the run up to Valentine's Day. At the time, Sophos warned that the gang was using a social-engineering technique in an attempt to trick users into clicking on a link in a "Valentine's Day" email.