With the Valentine's Day holiday approaching, be on the lookout for spam e-mails spreading the Storm Worm malicious software (malware). The e-mail directs the recipient to click on a link to retrieve the electronic greeting card (e-card). Once the user clicks on the link, malware is downloaded to the Internet-connected device and causes it to become infected and part of the Storm Worm botnet. A botnet is a network of compromised machines under the control of a single user. Botnets are typically set up to facilitate criminal activity such as spam e-mail, identity theft, denial of service attacks, and spreading malware to other machines on the Internet.

The Storm Worm virus has capitalized on various holidays in the last year by sending millions of e-mails advertising an e-card link within the text of the spam e-mail. Valentine's Day has been identified as the next target.

Be wary of any e-mail received from an unknown sender. Do not open any unsolicited e-mail and do not click on any links provided.

If you have received this, or a similar e-mail, please file a complaint at www.ic3.gov.

The media picked up on the story today and if you don't pay attention, you might think this is something new. It isn't. It's just new for Valentines Day.

"Storm worm" got its name because it first appeared in early 2007, hiding in an email attachment with the subject line, "230 dead as storm batters Europe." Opening the attachment resulted in your computer joining the bot network that uses your computer as a slave bot. Schneier on Security has one of the most complete descriptions on the worm worm that you can find. His description includes that fact that the malware program morphs itself every 30 minutes making it impossible for anti-virus programs to detect. One of the few ways that might lead you to believe you are infected is unexplained high demands on your computer resources. He also suggests that the malware is leased out to various criminal groups. It apparently is a big money maker.

A recent article in Information Week suggested Storm Worm "Earns Millions a day in Profit." Of course, the only people who know exactly how much it "earns" are hidden away in the underbelly of the cyberworld. Unless the author is very connected, it is at best a speculative guess designed simply to make big headlines. Perhaps that claim should have come with a disclaimer, you know as do mutual fund ads, "The actual earnings may be far less ... or more." But one estimate is that 10% of all spam sent across the Internet last month was from Storm Worm controlled computers. It is more plausible, and is a heck of a lot of spam!

But the impact on the rest of us is obvious. If you forgot to buy a Valentine card this year and figure you might get away with an electronic one. Don't bother. Most recipients "should" be too smart to open it ... if they heed the recent 're-warning' about Storm Worm.