Storm's Premature Invitation:
PC Tools Issues Early Warning of Valentine's Day Storm Worm
San Francisco, January 16, 2008 - PC Tools has identified a storm worm that is taking advantage of Valentine's Day,
delivering "withlove.exe" and other Valentine's Day themed executable names as attachments for email messages with subjects
such as "I would dream" and "Memories of you."
PC Tools warns consumers that the worm delivers rootkits and maintains control of a system via peer-to-peer communications
(p2p), potentially making compromised systems a tool in identity theft and financial loss.
The storm worm delivers an email with an affectionate statement, inviting the user to visit a hyperlink containing an IP
address. The destination website will attempt to exploit the visitor's system, and if it can't, the page provides a download
link for the executable.
PC Tools' Chief Threat Officer, Kurt Baumgartner, said that the 2008 campaign resembles the 2007 Valentine's Day storm campaign
that pushed romantic subject lines such as "Sending you my love" and "You're the One," but with a Mexican twist for its
dropped components.
"Interestingly, we witnessed a variant of the worm dropping files like 'burito.ini' and 'burito5e84-1216.sys' before killing
anti-virus products and adding the victim's computer to its botnet," said Baumgartner. "The ini file maintains a list of
p2p peer information for maintaining communication throughout the botnet, while the sys file is a driver that injects code
deep into the operating system."
NOTE TO EDITORS
Simon Clausen, Chief Executive Officer, and Kurt Baumgartner, Chief Threat Officer, are available for interviews. Kurt Baumgartner
presented on unique KeInsertQueueApc rootkit behaviors that stealthily fuel the storm worm at the Virus
Bulletin Conference in September 2007. Further information about the Valentine's Day storm worm can be found at
http://www.threatexpert.com/report.aspx?md5=ad3bde6bfeb43a92eb29c44f46bfcb5c and
http://www.threatexpert.com/report.aspx?md5=34f1ff4434ef65c225df372d62f819b0.
ABOUT PC TOOLS™
PC Tools is a global software leader with a cache of security and utility products, including the multi award-winning Spyware
Doctor®. PC Tools is an industry leader in real-time anti-spyware and has a number of key patents pending.
The PC Tools Malware Research Centre monitors trends and emerging spyware issues and provides security solutions for the
consumer and enterprise marketplace. The company is headquartered in Sydney, with offices in San Francisco, London, Shannon
(Ireland), Melbourne, Kiev, and Boulder. PC Tools has a global network of distributors, resellers, and retailers.
MEDIA CONTACTS
Sayo Ogundiran
Monument PR WorldWide
(415) 547-1817
(650) 209-5109 (alternate phone)