The latest round of emails are disguised as greeting cards and contain subject lines such as 'Your ecard joke is waiting,' 'You have an ecard' and 'We have a ecard surprise.'
The body of the message contains a text link leading to a web page advertising an online 'greeting card' supposedly sent to the user.
On clicking either the image or the link, the user downloads an executable file that installs the Storm malware.
Infected machines are then connected to a customised peer-to-peer network which is used to control the botnet and install new versions of the worm.
This malware connects the user to Storm's huge botnet, which has been linked to spam runs and phishing attacks, and is said to be among the greatest threats on the internet.
As Storm's run nears 14 months, security companies are stepping up their efforts to slow the worm.
ThreatStop has made its normally private list of blocked Storm domains available to the general public, allowing users to copy the list and use it with firewall software to block traffic from known Storm distributors.
"We are taking this action because our users and test beds have seen that a significant amount of Storm worm traffic is blocked by the DShield lists that we propagate," said the company.
"When the internet as a whole is under assault like this we, as good netizens, should do our part to help."
Storm worm continues its rampage
By Shaun Nichols on Mar 5, 2008 7:38AM