In their most predictable fashion, the distributors of Waledac are engineering a new valentine’s day scheme for their malware delivery. The ThreatFire community is preventing you.exe, meandyou.exe, and onlyyou.exe from being run on desktops. The web servers appear to be serving the same file from each site with the names above, which ThreatExpert identifies accurately.
The distributors currently are using
to serve up some these files and the nice graphics above with a cute question “Guess, which one is for you?”. Old sites listed at Shadowserver and other sites are being re-used as well with the new valentine’s day theme. A screenshot of one of the sites is above.
DO NOT VISIT THESE SITES, DO NOT DOWNLOAD AND RUN THESE EXECUTABLES.
Compare to last year’s Valentine’s day Storm theme that we described in a post, which they served up “With love!”:
And another of Storm’s themes that we posted about here.