Storm’s Premature Invitation: PC Tools Issues Early Warning of Valentine’s Day Storm Worm

San Francisco, January 16, 2008 – PC Tools has identified a storm worm that is taking advantage of Valentine’s Day, delivering “withlove.exe” and other Valentine’s Day themed executable names as attachments for email messages with subjects such as “I would dream” and “Memories of you.”

PC Tools warns consumers that the worm delivers rootkits and maintains control of a system via peer-to-peer communications (p2p), potentially making compromised systems a tool in identity theft and financial loss.

The storm worm delivers an email with an affectionate statement, inviting the user to visit a hyperlink containing an IP address. The destination website will attempt to exploit the visitor’s system, and if it can’t, the page provides a download link for the executable.

PC Tools’ Chief Threat Officer, Kurt Baumgartner, said that the 2008 campaign resembles the 2007 Valentine’s Day storm campaign that pushed romantic subject lines such as “Sending you my love” and “You’re the One,” but with a Mexican twist for its dropped components.

“Interestingly, we witnessed a variant of the worm dropping files like “burito.ini” and “burito5e84-1216.sys” before killing anti-virus products and adding the victim’s computer to its botnet,” said Baumgartner. “The ini file maintains a list of p2p peer information for maintaining communication throughout the botnet, while the sys file is a driver that injects code deep into the operating system.”

NOTE TO EDITORS

Simon Clausen, Chief Executive Officer and Kurt Baumgartner, Chief Threat Officer, are available for interviews. Kurt Baumgartner recently presented on unique KelnsertQueueApc rootkit behaviors that stealthily fuel the storm worm at the recent Virus Bulletin Conference in September 2007. Further information about the Valentine’s Day storm worm can be found at http://www.threatexpert.com/report.aspx?md5=ad3bde6bfeb43a92eb29c44f46bfcb5c and http://www.threatexpert.com/report.aspx?md5=34f1ff4434ef65c225df372d62f819b0

ABOUT PC TOOLS

PC Tools is a global software leader with a cache of security and utility products, including the multi award-winning Spyware Doctor®. PC Tools is an industry leader in real-time anti-spyware and has a number of key patents pending.

The PC Tools Malware Research Centre monitors trends and emerging spyware issues and provides security solutions for the consumer and enterprise marketplace. The company is headquartered in Sydney, with offices in San Francisco, London, Shannon (Ireland), Melbourne, Kiev, and Boulder. PC Tools has a global network of distributors, resellers, and retailers.