The emails typically claim that an electronic card has been sent to the recipient and that it can be viewed at the enclosed URL.
"Virus writers are avoiding the Christmas rush and getting started now," said Peter Lorant, senior director at Postini which warned of the attack.
"The virus distributors used to start in September, but now they are kicking off in the usually quiet month of July. This is the second attack this month using the same variant of malware."
The first attack occurred from 2 July to 9 July. It generated 123 million messages, three times more than any attack in the past two years. But in the earlier attack the malware was sent out in an attachment, whereas this is a web only attack.
In general the sites hosting the malware have been generated by the malware writers, but a small number are hacked pages of legitimate companies.
Lorant warned that companies need to take greater care of their own sites to avoid being a vector for malware.
"Of the millions of hacked sites out there 99 percent are small and medium sized businesses or personal sites," he said.
"Typically a small business paid a couple of thousand pounds to get the site up and they do not update it. They need to take stronger measures to avoid being used to spread malware."
Storm worm breaks over the internet
By Iain Thomson on Jul 27, 2007 6:57AM